Linuxfoundation Edge_virtualization_engine
5 CVEs affecting Linuxfoundation Edge_virtualization_engine. Latest disclosed: 2023-09-21. Critical: 1, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-43632 | Critical | 9.0 | 2023-09-21 | As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port 8877 in EVE, exposing limited functionality of the TPM to the cli… |
CVE-2023-43631 | High | 8.8 | 2023-09-21 | On boot, the Pillar eve container checks for the existence and content of “/config/authorized_keys”. If the file is present, and contains a supported public… |
CVE-2023-43636 | High | 8.8 | 2023-09-20 | In EVE OS, the “measured boot” mechanism prevents a compromised device from accessing the encrypted data located in the vault. As per the “measured boot” d… |
CVE-2023-43635 | High | 8.8 | 2023-09-20 | Vault Key Sealed With SHA1 PCRs The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. Different parts of the system update… |
CVE-2023-43630 | High | 8.8 | 2023-09-20 | PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was implemented in commit “7638364bc0acf8b5c481b5ce5fea11ad44ad7f… |