VDB

CISA-2023-43634

CISA-2023-43634 PUBLISHED CVSS 8.8 HIGH

Reported by ASRG · Published September 21, 2023

When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are used. In a previous project, CYMOTIVE found that the configuration is not protected by the secure boot, and in response Zededa implemented measurements on the config partition that was mapped to PCR 13. In that process, PCR 13 was added to the list of PCRs that seal/unseal the key. In commit “56e589749c6ff58ded862d39535d43253b249acf”, the config partition measurement moved from PCR 13 to PCR 14, but PCR 14 was not added to the list of PCRs that seal/unseal the key. This change makes the measurement of PCR 14 effectively redundant as it would not affect the sealing/unsealing of the key. An attacker could modify the config partition without triggering the measured boot, this could result in the attacker gaining full control over the device with full access to the contents of the encrypted “vault”

Risk Scores

CVSS 3.1
8.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersions
LF-Edge, ZededaEVE OS0, 9.0.0
lfedgeeve0, 9.0.0, 9.0.0
LF-Edge, ZededaEVE OS0, 9.0.0, 9.0.0

Timeline

  • Sep 21, 2023 CVE Published
  • Sep 24, 2024 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›