Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers.
References
Link | Resource |
---|---|
https://sourceforge.net/p/tboot/code/ci/521c58e51eb5be105a29983742850e72c44ed80e/ | Issue Tracking Patch Third Party Advisory |
https://www.usenix.org/conference/usenixsecurity18/presentation/han |
Configurations
Information
Published : 2017-11-15 18:29
Updated : 2018-08-17 11:29
NVD link : CVE-2017-16837
Mitre link : CVE-2017-16837
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
trusted_boot_project
- trusted_boot