CVE-2023-43634

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-43634

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-43634.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-43634

Aliases

Downstream

SUSE-SU-2026:0403-1

Related

SUSE-SU-2026:0403-1

Published

2023-09-21T14:15:11.477Z

Modified

2026-03-23T04:59:28.167406685Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are used.

In a previous project, CYMOTIVE found that the configuration is not protected by the secure boot, and in response Zededa implemented measurements on the config partition that was mapped to PCR 13.

In that process, PCR 13 was added to the list of PCRs that seal/unseal the key.

In commit “56e589749c6ff58ded862d39535d43253b249acf”, the config partition measurement moved from PCR 13 to PCR 14, but PCR 14 was not added to the list of PCRs that seal/unseal the key.

This change makes the measurement of PCR 14 effectively redundant as it would not affect the sealing/unsealing of the key.

An attacker could modify the config partition without triggering the measured boot, this could result in the attacker gaining full control over the device with full access to the contents of the encrypted “vault”

References

https://asrg.io/security-advisories/cve-2023-43634/

Affected packages

Git /

Affected ranges

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-43634.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "8.6.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "9.0.0"
            },
            {
                "fixed": "9.5.0"
            }
        ]
    }
]