CVE-2017-16837

Опубликовано: 16 нояб. 2017

Источник: nvd

CVSS3: 7.8

CVSS2: 4.6

EPSS Низкий

Описание

Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers.

Ссылки

https://sourceforge.net/p/tboot/code/ci/521c58e51eb5be105a29983742850e72c44ed80e/
Issue Tracking
Patch
Third Party Advisory
https://www.usenix.org/conference/usenixsecurity18/presentation/han
https://sourceforge.net/p/tboot/code/ci/521c58e51eb5be105a29983742850e72c44ed80e/
Issue Tracking
Patch
Third Party Advisory
https://www.usenix.org/conference/usenixsecurity18/presentation/han

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:trusted_boot_project:trusted_boot:1.9.6:*:*:*:*:*:*:*

EPSS

Процентиль: 31%

0.00117

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2017-16837

CVSS3: 7.8

ubuntu

около 8 лет назад

CVE-2017-16837

CVSS3: 5.5

redhat

около 8 лет назад

CVE-2017-16837

CVSS3: 7.8

debian

около 8 лет назад

Certain function pointers in Trusted Boot (tboot) through 1.9.6 are no ...

openSUSE-SU-2017:3100-1

suse-cvrf

около 8 лет назад

Security update for tboot

SUSE-SU-2017:3090-1

suse-cvrf

около 8 лет назад

Recommended update for tboot

EPSS

Процентиль: 31%

0.00117

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-20