CVE-2025-1122: TPM2 Out-Of-Bounds Write Leading to Potential Operating System Verification Bypass in ChromeOS
First published: Tue Apr 15 2025(Updated: )
Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and Bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process.
Credit: 7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Chrome OS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-1122?
CVE-2025-1122 has a high severity rating due to the potential for attackers to gain persistence and bypass system verification.
How do I fix CVE-2025-1122?
To fix CVE-2025-1122, ensure that your Google ChromeOS is updated to the latest version that includes the security patch addressing this vulnerability.
Who is affected by CVE-2025-1122?
CVE-2025-1122 affects users running Google ChromeOS 122.0.6261.132 on Cr50 boards.
What type of vulnerability is CVE-2025-1122?
CVE-2025-1122 is classified as an out-of-bounds write vulnerability in the TPM2 reference library.
What are the potential consequences of CVE-2025-1122?
Exploitation of CVE-2025-1122 may allow an attacker with root access to improperly interact with the system, leading to elevated privileges and possible data compromise.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/type
- agent/first-publish-date
- agent/author
- agent/source
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- vendor/google
- canonical/google chrome os