Out-Of-Bounds Write in TPM2 Reference Library Enabling Persistence on ChromeOS Cr50
An out-of-bounds write vulnerability exists in the TPM2 Reference Library within Google ChromeOS version 122.0.6261.132 stable on Cr50 Boards. This security issue enables an attacker with root access to gain persistence and bypass operating system verification by exploiting the NV_Read functionality during the Challenge-Response process.
Vulmon