MidnightBSD

Advisories for trusted_boot_project

CVE-2014-5118 LOW

Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security Bypass Vulnerability

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
redhat enterprise_linux 7.0
trusted_boot_project trusted_boot *
fedoraproject fedora 20
redhat enterprise_linux 6.0
fedoraproject fedora 19
CVE-2017-16837 MEDIUM

Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
trusted_boot_project trusted_boot 1.9.6