CVE-2017-16837
Published: 16 November 2017
Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers.
Priority
Status
Package | Release | Status |
---|---|---|
tboot Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
bionic |
Needed
|
|
cosmic |
Released
(1.9.7-0ubuntu1)
|
|
zesty |
Ignored
(end of life)
|
|
impish |
Released
(1.9.7-0ubuntu1)
|
|
groovy |
Released
(1.9.7-0ubuntu1)
|
|
hirsute |
Released
(1.9.7-0ubuntu1)
|
|
jammy |
Released
(1.9.7-0ubuntu1)
|
|
xenial |
Needed
|
|
kinetic |
Released
(1.9.7-0ubuntu1)
|
|
lunar |
Released
(1.9.7-0ubuntu1)
|
|
disco |
Released
(1.9.7-0ubuntu1)
|
|
eoan |
Released
(1.9.7-0ubuntu1)
|
|
focal |
Released
(1.9.7-0ubuntu1)
|
|
trusty |
Does not exist
(trusty was needed)
|
|
upstream |
Released
(1.9.7-0ubuntu1)
|
|
mantic |
Released
(1.9.7-0ubuntu1)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.8 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |