CVE-2023-43630

Aliases: GHSA-phcg-h58r-gmcq, GO-2026-4430
Advisory lineage Upstream: 0 Downstream: 1
Modified
Published: 20 Sept 2023, 14:37
Last modified: 24 Sept 2024, 18:34

Vulnerability Summary

Overall Risk (default): medium (35/100)
CVSS Score: 8.8 HIGH, v3.1 (cve.org)
EPSS Score: 0.01% LOW (0.00% probability)
KEV: Not listed
Ransomware: No reports
Public exploits: None found
Dark Web: Not detected

Timeline

20 Sept 2023, 14:37
Published
Vulnerability first disclosed
24 Sept 2024, 18:34
Last Modified
Vulnerability information updated

Description

PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but because of the change implemented in commit “7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, fixing this alone would not solve the problem of the config partition not being measured correctly. In addition, the “vault” key is sealed/unsealed with SHA1 PCRs instead of SHA256. This was somewhat mitigated by the fact that all of the PCR extend functions updated both the SHA256 and SHA1 values for a given PCR ID. However, since the change in commit “7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, this is no longer the case for PCR14: the code in “measurefs.go” explicitly updates only the SHA256 instance of PCR14, so even if PCR14 were added to the list of PCRs sealing/unsealing the “vault” key, changes to the config partition would still not be measured. An attacker could therefore modify the config partition without the change being detected by measured boot, which could result in the attacker gaining full control over the device, with full access to the contents of the encrypted “vault”.
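The interaction the description relies on, as a constructed Go simulation added here (not EVE's code; the PCR banks and the seal policy digest are simplified stand-ins for the TPM's): a key sealed to a SHA1-bank PCR policy never notices a config change when only the SHA256 bank of PCR14 is extended, while extending both banks, or sealing against the SHA256 bank, does detect it.

```go
package main

import (
	"bytes"
	"crypto/sha1"
	"crypto/sha256"
)

// pcr models one PCR index with its SHA1 and SHA256 banks (constructed simulation, not EVE or TPM code).
type pcr struct{ sha1Bank, sha256Bank []byte }

// extend implements PCR_new = H(PCR_old || H(data)) per bank; the SHA1 bank is only touched when bothBanks is set.
func (p *pcr) extend(data []byte, bothBanks bool) {
	d := sha256.Sum256(data)
	n := sha256.Sum256(append(append([]byte{}, p.sha256Bank...), d[:]...))
	p.sha256Bank = n[:]
	if bothBanks {
		d1 := sha1.Sum(data)
		n1 := sha1.Sum(append(append([]byte{}, p.sha1Bank...), d1[:]...))
		p.sha1Bank = n1[:]
	}
}

// sealPolicy is the value a sealed key is bound to: a digest over one bank of the listed PCRs.
func sealPolicy(pcrs []*pcr, useSHA1 bool) []byte {
	h := sha256.New()
	for _, p := range pcrs {
		if useSHA1 {
			h.Write(p.sha1Bank)
		} else {
			h.Write(p.sha256Bank)
		}
	}
	return h.Sum(nil)
}

// measuredConfig boots a fresh PCR14, measures config into it and returns the seal policy over PCR14 alone.
func measuredConfig(config string, bothBanks, sealWithSHA1 bool) []byte {
	pcr14 := &pcr{make([]byte, sha1.Size), make([]byte, sha256.Size)}
	pcr14.extend([]byte(config), bothBanks)
	return sealPolicy([]*pcr{pcr14}, sealWithSHA1)
}

// configChangeDetected is true when a key sealed with the original config would refuse to unseal after a modified config is measured (both config blobs are constructed).
func configChangeDetected(bothBanks, sealWithSHA1 bool) bool {
	good := measuredConfig("config partition v1 (constructed)", bothBanks, sealWithSHA1)
	bad := measuredConfig("config partition modified (constructed)", bothBanks, sealWithSHA1)
	return !bytes.Equal(good, bad)
}
```

configChangeDetected(false, true) is the vulnerable combination (SHA256-only extend, SHA1-bank seal) and returns false; the other combinations return true.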

CVSS Metrics

  • v3.1 HIGH, score 8.8: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • v3.1 MEDIUM, score 5.2: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

EPSS Trends

Current EPSS score: 0.01% Percentile: 1%

Techniques & Countermeasures

  • CWE-328: Use of Weak Hash

    The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).

  • CWE-522: Insufficiently Protected Credentials

    The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

  • CWE-922: Insecure Storage of Sensitive Information

    The product stores sensitive information without properly limiting read or write access by unauthorized actors.

Affected Systems

  • github.com/lf-edge/eve (Go module)

    < 0.0.0-20230126065759-d9383a7ee4e1

  • lf-edge, zededa: eve os

    ≥ 9.0.0, < 9.5.0

  • linuxfoundation: edge_virtualization_engine

    ≥ 9.0.0, < 9.5.0

References (8)