CVE-2023-43635
Published: 20 September 2023
Summary
CVE-2023-43635 is a high-severity Use of Weak Hash (CWE-328) vulnerability in Linuxfoundation Edge Virtualization Engine. Its CVSS base score is 8.8 (High).
Operationally, it is ranked at the 2.6th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-48035
Vulnerability details
Vault Key Sealed With SHA1 PCRs
The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. Different parts of the system update different PCR values in the TPM, resulting in a unique value for each PCR entry. These PCRs are then used to seal/unseal a key from the TPM, which is used to encrypt/decrypt the “vault” directory. This “vault” directory is the most sensitive point in the system and as such, its content should be protected. This mechanism is noted in Zededa’s documentation as the “measured boot” mechanism, designed to protect said “vault”.
The code that’s responsible for generating and fetching the key from the TPM assumes that SHA256 PCRs are used to seal/unseal the key, and as such their presence is checked. The issue here is that the key is not sealed using SHA256 PCRs, but using SHA1 PCRs. This leads to several issues:
- Machines that have their SHA256 PCRs enabled but SHA1 PCRs disabled end up not sealing their keys at all, meaning the “vault” is not protected from an attacker.
- SHA1 is considered insecure and reduces the complexity level required to unseal the key in machines which have their SHA1 PCRs enabled.
An attacker can very easily retrieve the contents of the “vault”, which will effectively render the “measured boot” mechanism meaningless.
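To triage a fleet against the two cases described above, the following added example (not code from EVE OS or from this advisory) classifies a host by which PCR banks its TPM has allocated. It assumes the text layout printed by `tpm2_getcap pcrs` from tpm2-tools, treats a bank as enabled when at least one PCR is allocated in it, and uses constructed sample output and hypothetical label names.

```python
import re

# Constructed samples in the layout assumed for `tpm2_getcap pcrs` output.
SAMPLES = {
    "sha256-only": "selected-pcrs:\n  - sha1: [ ]\n  - sha256: [ 0, 1, 2, 3, 4, 5, 6, 7 ]\n",
    "both-banks": "selected-pcrs:\n  - sha1: [ 0, 1, 2, 3 ]\n  - sha256: [ 0, 1, 2, 3 ]\n",
    "sha1-only": "selected-pcrs:\n  - sha1: [ 0, 1, 2, 3 ]\n  - sha256: [ ]\n",
    "no-banks": "selected-pcrs:\n  - sha1: [ ]\n  - sha256: [ ]\n",
}

# Matches one bank line, e.g. "  - sha256: [ 0, 1, 2 ]" or "  - sha1: [ ]".
BANK_LINE = re.compile(r"^\s*-\s*(\w+)\s*:\s*\[(.*)\]\s*$")


def parse_banks(text):
    """Return {bank name: sorted list of allocated PCR indices}."""
    banks = {}
    for line in text.splitlines():
        match = BANK_LINE.match(line)
        if match:
            indices = match.group(2).replace(",", " ").split()
            banks[match.group(1).lower()] = sorted(int(i) for i in indices)
    return banks


def classify(text):
    """Map allocated banks to the exposure described for affected builds."""
    banks = parse_banks(text)
    sha1_enabled = bool(banks.get("sha1"))
    sha256_enabled = bool(banks.get("sha256"))
    if sha256_enabled and not sha1_enabled:
        # First issue: the SHA256 presence check passes, but sealing uses
        # the SHA1 bank, so the vault key ends up not sealed at all.
        return "VAULT_KEY_NOT_SEALED"
    if sha1_enabled:
        # Second issue: the vault key is bound to SHA1 PCR values only.
        return "VAULT_KEY_SEALED_WITH_SHA1"
    return "NO_PCR_BANK_ALLOCATED"


if __name__ == "__main__":
    for name, output in SAMPLES.items():
        print(f"{name}: {classify(output)}")
```

On a real host the input would be the captured output of `tpm2_getcap pcrs`; the result only describes exposure on builds affected by this CVE.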
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Enforces approved cryptographic algorithms for each use case, blocking use of broken or risky algorithms.
Flaw remediation replaces broken or risky cryptographic algorithms once safer implementations are released by vendors.
Training instructs users on protecting credentials from disclosure or unauthorized access.
Training records for security awareness and role-based training verify education on credential protection practices, tangibly reducing risks from mishandling or exposing credentials.
Contacts with security groups provide timely information on broken or risky cryptographic algorithms, reducing the likelihood of their selection and use.
Protecting authenticator content from unauthorized disclosure and modification while requiring protective controls addresses insufficiently protected credentials.
Rules of behavior include credential protection and non-sharing requirements, reducing exposure of insufficiently protected credentials.
Ongoing education and sharing of recommended practices helps organizations identify and migrate away from broken or risky cryptographic algorithms.