PT-2023-28890 · Zededa · Zededa

Ilay Levi · Published 2023-09-21 · Updated 2026-02-06 · CVE-2023-43634

CVSS v3.1: 8.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Zededa (affected versions not specified)

Description: The issue arises from a change in the configuration partition measurement from PCR 13 to PCR 14, without updating the list of PCRs used for sealing and unsealing the "vault" key. This makes the measurement of PCR 14 redundant and allows an attacker to modify the config partition without triggering the measured boot. As a result, the attacker could gain full control over the device and access the contents of the encrypted "vault".

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
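The sealing gap in the description can be reproduced with a small simulation, added here as an illustration and not taken from the vendor's code. The PCR selections `{0, 13}` and `{0, 14}`, the firmware and config strings, and the simplified policy digest are all constructed assumptions; the page does not list the real sealing PCR set.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// PCRBank is a simulated SHA-256 PCR bank; missing indexes read as all zeros.
type PCRBank map[int][32]byte

// Extend models the TPM extend operation: new = SHA256(old || SHA256(data)).
func (b PCRBank) Extend(idx int, data []byte) {
	old, m := b[idx], sha256.Sum256(data)
	b[idx] = sha256.Sum256(append(old[:], m[:]...))
}

// Boot simulates one measured boot: firmware into PCR 0 and the config
// partition into configPCR (both inputs are constructed sample data).
func Boot(config []byte, configPCR int) PCRBank {
	b := PCRBank{}
	b.Extend(0, []byte("firmware image (constructed)"))
	b.Extend(configPCR, config)
	return b
}

// policyDigest is a simplified stand-in for a TPM PCR policy: a hash over
// the selected PCR values, taken in the order given.
func policyDigest(b PCRBank, sel []int) [32]byte {
	h := sha256.New()
	for _, i := range sel {
		v := b[i]
		h.Write(v[:])
	}
	var out [32]byte
	copy(out[:], h.Sum(nil))
	return out
}

// UnsealAllowed reports whether a key sealed against the ref boot under the
// PCR selection sel would still be released in the cur boot.
func UnsealAllowed(sel []int, ref, cur PCRBank) bool {
	return policyDigest(ref, sel) == policyDigest(cur, sel)
}

func main() {
	ref := Boot([]byte("config v1 (constructed)"), 14)
	cur := Boot([]byte("config modified (constructed)"), 14)
	fmt.Println("stale selection {0,13} releases key:", UnsealAllowed([]int{0, 13}, ref, cur))
	fmt.Println("updated selection {0,14} releases key:", UnsealAllowed([]int{0, 14}, ref, cur))
}
```

A useful regression check for this class of bug is to assert that every PCR a boot component extends also appears in the sealing selection.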

Weakness Enumeration

Insufficiently Protected Credentials

Insecure Storage of Sensitive Information

Related Identifiers

CVE-2023-43634
GHSA-3WMX-9QWP-H363
GHSA-WC42-FCJP-V8VQ
GO-2026-4432
SUSE-SU-2026:0403-1

Affected Products

Zededa