Published: 16/11/2017 Updated: 17/08/2018

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 409

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Certain function pointers in Trusted Boot (tboot) up to and including 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers.

Vulnerable Product	Search on Vulmon	Subscribe to Product
trusted boot project trusted boot 1.9.6

Certain function pointers in Trusted Boot (tboot) through 196 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers ...

Potential security vulnerabilities have been identified with the Trusted Platform Module (TPM) that allow an unauthorized third party to modify the TPM configuration following an S3 Resume, allowing unauthorized access to the system and its data ...

CWE-20 https://sourceforge.net/p/tboot/code/ci/521c58e51eb5be105a29983742850e72c44ed80e/https://www.usenix.org/conference/usenixsecurity18/presentation/han https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2017-16837 https://support.hp.com/us-en/document/c06265284

CVE-2017-16837

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect