{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2023-43634","title":"Title"},{"category":"description","text":"\nWhen sealing/unsealing the \"vault\" key, a list of PCRs is used, which defines which PCRs\nare used.\n\nIn a previous project, CYMOTIVE found that the configuration is not protected by the secure\nboot, and in response Zededa implemented measurements on the config partition that was\nmapped to PCR 13.\n\nIn that process, PCR 13 was added to the list of PCRs that seal/unseal the key.\n\nIn commit \"56e589749c6ff58ded862d39535d43253b249acf\", the config partition\nmeasurement moved from PCR 13 to PCR 14, but PCR 14 was not added to the list of\nPCRs that seal/unseal the key.\n\nThis change makes the measurement of PCR 14 effectively redundant as it would not affect\nthe sealing/unsealing of the key.\n\n\n\nAn attacker could modify the config partition without triggering the measured boot, this could\nresult in the attacker gaining full control over the device with full access to the contents of the\nencrypted \"vault\"\n\n\n\n\n","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2023-43634","url":"https://www.suse.com/security/cve/CVE-2023-43634"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"Advisory link for SUSE-SU-2026:0403-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2026-February/024084.html"}],"title":"SUSE CVE CVE-2023-43634","tracking":{"current_release_date":"2026-02-12T01:18:09Z","generator":{"date":"2026-02-08T00:41:29Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2023-43634","initial_release_date":"2026-02-08T00:41:29Z","revision_history":[{"date":"2026-02-08T00:41:29Z","number":"2","summary":"references added,severity changed from  to important"},{"date":"2026-02-12T01:18:09Z","number":"3","summary":"references added"}],"status":"interim","version":"3"}}}