When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs
are used.
In a previous project, CYMOTIVE found that the configuration is not protected by the secure
boot, and in response Zededa implemented measurements on the config partition that was
mapped to PCR 13.
In that process, PCR 13 was added to the list of PCRs that seal/unseal the key.
In commit “56e589749c6ff58ded862d39535d43253b249acf”, the config partition
measurement moved from PCR 13 to PCR 14, but PCR 14 was not added to the list of
PCRs that seal/unseal the key.
This change makes the measurement of PCR 14 effectively redundant as it would not affect
the sealing/unsealing of the key.
An attacker could modify the config partition without triggering the measured boot, this could
result in the attacker gaining full control over the device with full access to the contents of the
encrypted “vault”
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://asrg.io/security-advisories/cve-2023-43634/ |
History
Tue, 24 Sep 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: ASRG
Published: 2023-09-21T13:05:14.046Z
Updated: 2024-09-24T16:54:58.431Z
Reserved: 2023-09-20T14:34:14.874Z
Link: CVE-2023-43634
Vulnrichment
Updated: 2024-08-02T19:44:43.689Z
NVD
Status : Modified
Published: 2023-09-21T14:15:11.477
Modified: 2024-11-21T08:24:30.747
Link: CVE-2023-43634
Redhat
No data.