13 matches found
GHSA-4JVR-VJ2C-8Q37 EVE Seals Vault Key With SHA1 PCRs
Impact The vault key is sealed using SHA1 PCRs instead of SHA256 PCRs Thus an attacker with physical access to an EVE-OS device can try to brute force creating a kernel or rootfs image which produces the same SHA1 PCR but with malicious content. Patches Fixed in 9.4.3-lts and 10.1.0 Workarounds N...
CVE-2025-71077
In the Linux kernel, the following vulnerability has been resolved: tpm: Cap the number of PCR banks tpm2getpcrallocation does not cap any upper limit for the number of banks. Cap the limit to eight banks so that out of bounds values coming from external I/O cause on only limited harm...
CLSA-2025-1764614196 tpm2-tools: Fix of CVE-2024-29039
CVE-2024-29039: add comparison of pcr selection to prevent misleading picture of the TPM state...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via incomplete validation of attestation documents in the attestation verification process. An attacker can cause clients to trust enclaves that do not meet expected integrity guarantees ...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via incomplete validation of attestation documents in the attestation verification process. An attacker can cause clients to trust enclaves that do not meet expected integrity guarantees ...
CVE-2023-30633
An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. It can report false TPM PCR values, and thus mask malware activity. Devices use Platform Configuration Registers PCRs to record information about device and software configuration to ensure that the boot...
CVE-2023-30633
An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. It can report false TPM PCR values, and thus mask malware activity. Devices use Platform Configuration Registers PCRs to record information about device and software configuration to ensure that the boot...
Design/Logic Flaw
An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. It can report false TPM PCR values, and thus mask malware activity. Devices use Platform Configuration Registers PCRs to record information about device and software configuration to ensure that the boot...
CVE-2023-30633
An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. It can report false TPM PCR values, and thus mask malware activity. Devices use Platform Configuration Registers PCRs to record information about device and software configuration to ensure that the boot...
CVE-2023-30633
An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. It can report false TPM PCR values, and thus mask malware activity. Devices use Platform Configuration Registers PCRs to record information about device and software configuration to ensure that the boot...
GHSA-3WMX-9QWP-H363 Duplicate Advisory: EVE Doesn't Protect Config Partition with Measured Boot
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wc42-fcjp-v8vq. This link is maintained to preserve external references. Original Description When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are used. In a previous...
Microsoft Warns of New Security Flaw Affecting Surface Pro 3 Devices
Microsoft has published a new advisory warning of a security bypass vulnerability affecting Surface Pro 3 convertible laptops that could be exploited by an adversary to introduce malicious devices within enterprise networks and defeat the device attestation mechanism. Tracked as CVE-2021-42299 CV...
CVE-2018-6622
An issue was discovered that affects all producers of BIOS firmware who make a certain realistic interpretation of an obscure portion of the Trusted Computing Group TCG Trusted Platform Module TPM 2.0 specification. An abnormal case is not handled properly by this firmware while S3 sleep and can...