CVE-2023-43634

<br /> When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs<br /> are used.<br /> <br /> In a previous project, CYMOTIVE found that the configuration is not protected by the secure<br /> boot, and in response Zededa implemented measurements on the config partition that was<br /> mapped to PCR 13.<br /> <br /> In that process, PCR 13 was added to the list of PCRs that seal/unseal the key.<br /> <br /> In commit “56e589749c6ff58ded862d39535d43253b249acf”, the config partition<br /> measurement moved from PCR 13 to PCR 14, but PCR 14 was not added to the list of<br /> PCRs that seal/unseal the key.<br /> <br /> This change makes the measurement of PCR 14 effectively redundant as it would not affect<br /> the sealing/unsealing of the key.<br /> <br /> <br /> <br /> An attacker could modify the config partition without triggering the measured boot, this could<br /> result in the attacker gaining full control over the device with full access to the contents of the<br /> encrypted “vault”<br /> <br /> <br /> <br /> <br />