CVE-2017-16837: Input Validation
First published: Thu Nov 16 2017(Updated: )
Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trusted Boot Project | =1.9.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-16837?
CVE-2017-16837 is classified with a high severity level due to the potential for arbitrary code execution.
How do I fix CVE-2017-16837?
To fix CVE-2017-16837, upgrade to a version of Trusted Boot beyond 1.9.6 that addresses the validation of function pointers.
Who is affected by CVE-2017-16837?
CVE-2017-16837 affects users and systems using Trusted Boot version 1.9.6.
What are the potential impacts of CVE-2017-16837?
The impacts of CVE-2017-16837 can include local users gaining elevated privileges and the ability to overwrite dynamic PCRs of the TPM.
Is CVE-2017-16837 related to TPM security?
Yes, CVE-2017-16837 directly affects the security of the Trusted Platform Module through the manipulation of dynamic PCRs.
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/tags
- agent/type
- agent/description
- agent/event
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/trusted boot project
- canonical/trusted boot project
- version/trusted boot project/1.9.6