Bug 1515198 (CVE-2017-16837)

Summary: CVE-2017-16837 tboot: Incorrect validation of certain function pointers
Product: [Other] Security Response
Reporter: Andrej Nemec <anemec>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX
Severity: medium
Priority: medium
Version: unspecified
CC: dcantrell, eparis, gang.wei, tcamuso
Keywords: Security
Hardware: All
OS: Linux
Last Closed: 2017-12-21 07:06:29 UTC
Bug Depends On: 1515199
Bug Blocks: 1515202

Description Andrej Nemec 2017-11-20 11:37:28 UTC
Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers.

References:

https://sourceforge.net/p/tboot/code/ci/521c58e51eb5be105a29983742850e72c44ed80e/

Comment 1 Andrej Nemec 2017-11-20 11:37:59 UTC
Created tboot tracking bugs for this issue:

Affects: fedora-all [bug 1515199]

Comment 2 Doran Moppert 2017-12-21 07:06:29 UTC
The main issue here is an "evil maid"-style attack, where the attacker has physical access to the target machine and uses this to modify /boot/tboot.gz to run arbitrary code at boot time. This could be a concern if disk encryption keys are stored sealed in the TPM ... but in this scenario there are lots of other attack vectors (physical/hardware as well), so I see no urgency to fix this.