PT-2023-28890 · Zededa · Zededa

Ilay Levi · Published 2023-09-21 · Updated 2026-02-06 · CVE-2023-43634

CVSS v3.1: 8.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Zededa (affected versions not specified)

Description

The issue arises from a change in the configuration partition measurement from PCR 13 to PCR 14, without updating the list of PCRs used for sealing and unsealing the "vault" key. This makes the measurement of PCR 14 redundant and allows an attacker to modify the config partition without triggering the measured boot. As a result, the attacker could gain full control over the device and access the contents of the encrypted "vault".

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
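The failure mode in the description, as an added example that is not Zededa's code: a simplified model of PCR extend and PCR-bound sealing, in which a key sealed to a PCR list that omits the PCR holding the config measurement still unseals after the config changes. The PCR lists, sample strings and digest construction are assumptions made for illustration; a real TPM computes its PCR policy digest differently.

```python
import hashlib

def extend(pcr, data):
    """TPM-style extend: new = SHA-256(old || SHA-256(data))."""
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()

def boot(config, config_pcr=14):
    """Model one measured boot; the config partition is extended into config_pcr."""
    pcrs = [bytes(32) for _ in range(24)]
    pcrs[0] = extend(pcrs[0], b"constructed-firmware-image")
    pcrs[config_pcr] = extend(pcrs[config_pcr], config)
    return pcrs

def pcr_digest(pcrs, selection):
    """Simplified stand-in for a PCR policy digest over the selected PCRs."""
    h = hashlib.sha256()
    for i in sorted(selection):
        h.update(bytes([i]) + pcrs[i])
    return h.digest()

def seal(secret, pcrs, selection):
    """Bind the secret to the current values of the selected PCRs."""
    return {"selection": sorted(selection),
            "digest": pcr_digest(pcrs, selection),
            "secret": secret}

def unseal(blob, pcrs):
    """Release the secret only if the selected PCRs match their values at seal time."""
    if pcr_digest(pcrs, blob["selection"]) != blob["digest"]:
        return None
    return blob["secret"]

def unbound_pcrs(measured, selection):
    """PCRs that receive measurements but are absent from the sealing list."""
    return sorted(set(measured) - set(selection))

STALE_LIST = [0, 13]   # assumed list, still naming the old config PCR
FIXED_LIST = [0, 14]   # assumed list, naming the PCR actually measured

if __name__ == "__main__":
    good = boot(b"constructed config v1")
    tampered = boot(b"constructed config, modified")
    for name, sel in (("stale", STALE_LIST), ("fixed", FIXED_LIST)):
        blob = seal(b"vault-key", good, sel)
        print(name, "list unseals after config change:",
              unseal(blob, tampered) is not None,
              "| measured but unbound:", unbound_pcrs([0, 14], sel))
```

A check like `unbound_pcrs` can run at build or provisioning time so that any PCR the boot chain measures but the sealing list does not reference is flagged.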

Weakness Enumeration

Insufficiently Protected Credentials

Insecure Storage of Sensitive Information

Related Identifiers

CVE-2023-43634
GHSA-3WMX-9QWP-H363
GHSA-WC42-FCJP-V8VQ
GO-2026-4432
SUSE-SU-2026:0403-1

Affected Products

Zededa