{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2023-43630","title":"Title"},{"category":"description","text":"PCR14 is not in the list of PCRs that seal/unseal the \"vault\" key, but\ndue to the change that was implemented in commit\n\"7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4\", fixing this issue alone would not solve the\nproblem of the config partition not being measured correctly.\n\nAlso, the \"vault\" key is sealed/unsealed with SHA1 PCRs instead of\nSHA256. \nThis issue was somewhat mitigated due to all of the PCR extend functions\nupdating both the values of SHA256 and SHA1 for a given PCR ID.\n\nHowever, due to the change that was implemented in commit\n\"7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4\", this is no longer the case for PCR14, as\nthe code in \"measurefs.go\" explicitly updates only the SHA256 instance of PCR14, which\nmeans that even if PCR14 were to be added to the list of PCRs sealing/unsealing the \"vault\"\nkey, changes to the config partition would still not be measured.\n\n\n\nAn attacker could modify the config partition without triggering the measured boot, this could\nresult in the attacker gaining full control over the device with full access to the contents of the\nencrypted \"vault\" \n\n\n\n\n","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2023-43630","url":"https://www.suse.com/security/cve/CVE-2023-43630"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"Advisory link for SUSE-SU-2026:0403-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2026-February/024084.html"}],"title":"SUSE CVE CVE-2023-43630","tracking":{"current_release_date":"2026-02-12T01:18:14Z","generator":{"date":"2026-02-08T00:41:34Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2023-43630","initial_release_date":"2026-02-08T00:41:34Z","revision_history":[{"date":"2026-02-08T00:41:34Z","number":"2","summary":"references added,severity changed from  to important"},{"date":"2026-02-12T01:18:14Z","number":"3","summary":"references added"}],"status":"interim","version":"3"}}}