{"vulnerability": "CVE-2023-43634", "sightings": [{"uuid": "c73bb646-093f-42af-aec7-c03fb0daf85a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-43634", "type": "seen", "source": "https://gist.github.com/alon710/e906ef12237a848004f9c83861a63189", "content": "", "creation_timestamp": "2026-02-04T22:10:05.000000Z"}, {"uuid": "83d0bc4e-765e-4e64-a890-1cbb5e7dddca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-43634", "type": "seen", "source": "https://t.me/cibsecurity/70896", "content": "\u203c CVE-2023-43634 \u203c\n\nWhen sealing/unsealing the \u00e2\u20ac\u0153vault\u00e2\u20ac\ufffd key, a list of PCRs is used, which defines which PCRsare used.In a previous project, CYMOTIVE found that the configuration is not protected by the secureboot, and in response Zededa implemented measurements on the config partition that wasmapped to PCR 13.In that process, PCR 13 was added to the list of PCRs that seal/unseal the key.In commit \u00e2\u20ac\u015356e589749c6ff58ded862d39535d43253b249acf\u00e2\u20ac\ufffd, the config partitionmeasurement moved from PCR 13 to PCR 14, but PCR 14 was not added to the list ofPCRs that seal/unseal the key.This change makes the measurement of PCR 14 effectively redundant as it would not affectthe sealing/unsealing of the key.An attacker could modify the config partition without triggering the measured boot, this couldresult in the attacker gaining full control over the device with full access to the contents of theencrypted \u00e2\u20ac\u0153vault\u00e2\u20ac\ufffd\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-21T18:31:08.000000Z"}]}