CVE-2017-16837

HIGH

Trusted Boot through 1.9.6 - Arbitrary Code Execution via Unvalidated Function Pointers

Title source: llm
STIX 2.1

Description

Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers.

References (2)

Core 2
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://sourceforge.net/p/tboot/code/ci/521c58e51eb5be105a29983742850e72c44ed80e/

Scores

CVSS v3 7.8
EPSS 0.0042
EPSS Percentile 33.5%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (1)
trusted_boot_project/trusted_boot 1.9.6
Published Nov 16, 2017
Tracked Since Feb 18, 2026