UBUNTU-CVE-2017-16837
- Source
- https://ubuntu.com/security/CVE-2017-16837
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-16837.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2017-16837
- Upstream
- Published
- 2017-11-16T02:29:00Z
- Modified
- 2025-10-24T04:46:36Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers.
- References
Affected packages
Ubuntu:16.04:LTS / tboot
Package
- Name
- tboot
- Purl
- pkg:deb/ubuntu/tboot@1.8.3-0ubuntu1?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:18.04:LTS / tboot
Package
- Name
- tboot
- Purl
- pkg:deb/ubuntu/tboot@1.9.6-0ubuntu1?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:20.04:LTS / tboot
Package
- Name
- tboot
- Purl
- pkg:deb/ubuntu/tboot@1.9.7-0ubuntu1?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.9.7-0ubuntu1