CVE-2023-43634
published 2023-09-21CVE-2023-43634: When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are used. In a previous project, CYMOTIVE found that the configuration…
PriorityP346high8.8CVSS 3.1
AVLACLPRLUINSCCHIHAH
EPSS
0.16%
5.6th percentile
When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs
are used.
In a previous project, CYMOTIVE found that the configuration is not protected by the secure
boot, and in response Zededa implemented measurements on the config partition that was
mapped to PCR 13.
In that process, PCR 13 was added to the list of PCRs that seal/unseal the key.
In commit “56e589749c6ff58ded862d39535d43253b249acf”, the config partition
measurement moved from PCR 13 to PCR 14, but PCR 14 was not added to the list of
PCRs that seal/unseal the key.
This change makes the measurement of PCR 14 effectively redundant as it would not affect
the sealing/unsealing of the key.
An attacker could modify the config partition without triggering the measured boot, this could
result in the attacker gaining full control over the device with full access to the contents of the
encrypted “vault”
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | lf-edge_eve | >= 0 < 0.0.0-20230519072751-977f42b07fa9 | 0.0.0-20230519072751-977f42b07fa9 |
| lf-edge_zededa | eve_os | < 8.6.0 | 8.6.0 |
| lf-edge_zededa | eve_os | >= 9.0.0 < 9.5.0 | 9.5.0 |
| lfedge | eve | < 8.6.0 | 8.6.0 |
| lfedge | eve | >= 9.0.0 < 9.5.0 | 9.5.0 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
EVE Doesn't Protect Config Partition with Measured Boot in github.com/lf-edge/eve
osv·2026-02-05
CVE-2023-43634 EVE Doesn't Protect Config Partition with Measured Boot in github.com/lf-edge/eve
EVE Doesn't Protect Config Partition with Measured Boot in github.com/lf-edge/eve
EVE Doesn't Protect Config Partition with Measured Boot in github.com/lf-edge/eve
OSV
EVE Doesn't Protect Config Partition with Measured Boot
osv·2026-02-04
CVE-2023-43634 [MEDIUM] EVE Doesn't Protect Config Partition with Measured Boot
EVE Doesn't Protect Config Partition with Measured Boot
### Impact
Config partition measurement was moved from PCR 13 to PCR 14 in a commit, but PCR 14 was not added to the list of PCRs that seal/unseal the vault key. As a result, an attacker can remove the disk, use another server to modify the files in the config partition, and then re-insert the disk.
### Patches
Fixed in EVE version 9.4.3-lts
### Workarounds
None (apart from preventing physical access to the device)
### Resources
https://help.zededa.com/hc/en-us/articles/43295940828827-TPM-PCR-Index-Security-Implications
https://github.com/lf-edge/eve/commit/d9383a7ee4e1c39f5c8c6d4a63cb2ebd00695e8a
GHSA
EVE Doesn't Protect Config Partition with Measured Boot
ghsa·2026-02-04
CVE-2023-43634 [MEDIUM] CWE-522 EVE Doesn't Protect Config Partition with Measured Boot
EVE Doesn't Protect Config Partition with Measured Boot
### Impact
Config partition measurement was moved from PCR 13 to PCR 14 in a commit, but PCR 14 was not added to the list of PCRs that seal/unseal the vault key. As a result, an attacker can remove the disk, use another server to modify the files in the config partition, and then re-insert the disk.
### Patches
Fixed in EVE version 9.4.3-lts
### Workarounds
None (apart from preventing physical access to the device)
### Resources
https://help.zededa.com/hc/en-us/articles/43295940828827-TPM-PCR-Index-Security-Implications
https://github.com/lf-edge/eve/commit/d9383a7ee4e1c39f5c8c6d4a63cb2ebd00695e8a
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-09-21
Published