CVE-2017-16837
Description
Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.117
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| SUSE-SU-2017:3090-1(SUSE Linux Enterprise Server 12-SP2 ) tboot-20160518_1.9.4-7.5.1.x86_64.rpm | Linux |
| SUSE-SU-2017:3090-1(SUSE Linux Enterprise Server 12-SP2 ) tboot-debuginfo-20160518_1.9.4-7.5.1.x86_64.rpm | Linux |
| SUSE-SU-2017:3090-1(SUSE Linux Enterprise Server 12-SP2 ) tboot-debugsource-20160518_1.9.4-7.5.1.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234