Linuxfoundation Edge Virtualization Engine

5 matches found

CVE
added 2023/09/20 2:58 p.m., 93 views

CVE-2023-43635

Summary of CVE-2023-43635 / GHSA-4JVR-VJ2C-8Q37: In EVE-OS measured boot, the vault key is sealed using SHA1 PCRs instead of SHA256 PCRs. The TPM PCRs that are used to seal/unseal the key for encrypting the vault directory may be SHA1-enabled while SHA256 PCRs are not consistently used, enabling...

8.8 CVSS, 8.7 AI score, 0.0011 EPSS

CVE
added 2023/09/20 2:50 p.m., 67 views

CVE-2023-43636

Summary: CVE-2023-43636 concerns EVE OS measured boot not validating the entire root filesystem (rootfs). The PCR-based attestation covers BIOS/GRUB/kernel cmdline/initrd but not the complete rootfs, allowing an attacker to alter the squashfs root image and gain control without triggering attesta...

8.8 CVSS, 8.6 AI score, 0.00125 EPSS

CVE
added 2023/09/21 1:13 p.m., 66 views

CVE-2023-43632

CVE-2023-43632 affects the EVE vTPM server (vtpm_server) listening on port 8877. The server reads a 4-byte header (uint32 size) and allocates a payload of that size on the stack, enabling a stack-based overflow with attacker-controlled data. Consequences listed: system crash or full control of vt...

9.9 CVSS, 9.2 AI score, 0.00545 EPSS

CVE
added 2023/09/20 2:37 p.m., 63 views

CVE-2023-43630

CVE-2023-43630 documents a TPM/Measured Boot issue in the EVE project (lf-edge/eve) where PCR14 is not in the sealing/unsealing list for the vault key, and the vault key is sealed with SHA1 PCRs instead of SHA256. A code change (commit 7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4) meant that PCR14 up...

8.8 CVSS, 8.7 AI score, 0.00107 EPSS

CVE
added 2023/09/21 1:17 p.m., 60 views

CVE-2023-43631

The CVE-2023-43631 issue affects the Pillar/EVE container in EVE OS. On boot, the container checks for /config/authorized_keys and, if a valid public key is present, enables SSH on port 22 for root login. The /config partition is not protected by measured boot, is mutable, and unencrypted, allowi...

8.8 CVSS, 8.7 AI score, 0.0016 EPSS