high
8.8
CWE
345
Advisory Published
Updated

CVE-2023-43636: Rootfs Not Protected

First published: Wed Sep 20 2023(Updated: )

In EVE OS, the “measured boot” mechanism prevents a compromised device from accessing the encrypted data located in the vault. As per the “measured boot” design, the PCR values calculated at different stages of the boot process will change if any of their respective parts are changed. This includes, among other things, the configuration of the bios, grub, the kernel cmdline, initrd, and more. However, this mechanism does not validate the entire rootfs, so an attacker can edit the filesystem and gain control over the system. As the default filesystem used by EVE OS is squashfs, this is somewhat harder than an ext4, which is easily changeable. This will not stop an attacker, as an attacker can repackage the squashfs with their changes in it and replace the partition altogether. This can also be done directly on the device, as the “003-storage-init” container contains the “mksquashfs” and “unsquashfs” binaries (with the corresponding libs). An attacker can gain full control over the device without changing the PCR values, thus not triggering the “measured boot” mechanism, and having full access to the vault. Note: This issue was partially fixed in these commits (after disclosure to Zededa), where the config partition measurement was added to PCR13: • aa3501d6c57206ced222c33aea15a9169d629141 • 5fef4d92e75838cc78010edaed5247dfbdae1889. This issue was made viable in version 9.0.0 when the calculation was moved to PCR14 but it was not included in the measured boot.

Credit: cve@asrg.io cve@asrg.io

Affected SoftwareAffected VersionHow to fix
Linuxfoundation Edge Virtualization Engine<8.6.0
Linuxfoundation Edge Virtualization Engine>=9.0.0<9.5.0

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2023-43636?

    CVE-2023-43636 is a security vulnerability in EVE OS that allows a compromised device to access encrypted data located in the vault.

  • How does the 'measured boot' mechanism in EVE OS work?

    The 'measured boot' mechanism in EVE OS calculates PCR values at different stages of the boot process, which change if any parts of the boot process are altered.

  • What versions of Linuxfoundation Edge Virtualization Engine are affected by CVE-2023-43636?

    Versions 8.6.0 and between 9.0.0 to 9.5.0 of Linuxfoundation Edge Virtualization Engine are affected by CVE-2023-43636.

  • How severe is CVE-2023-43636?

    CVE-2023-43636 has a severity score of 8.8, indicating a high level of severity.

  • Where can I find more information about CVE-2023-43636?

    You can find more information about CVE-2023-43636 at the following link: [Security Advisory](https://asrg.io/security-advisories/19274/).

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203