Linuxfoundation Edge Virtualization Engine — known CVE vulnerabilities
Every CVE whose affected-product data names Linuxfoundation Edge Virtualization Engine, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2023-43632 — CVSS 9.0 (critical): As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port 8877 in EVE, exposing limited…
CVE-2023-43630 — CVSS 8.8 (high): PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was implemented in commit…
CVE-2023-43631 — CVSS 8.8 (high): On boot, the Pillar eve container checks for the existence and content of “/config/authorized_keys”. If the file is present, and…
CVE-2023-43635 — CVSS 8.8 (high): Vault Key Sealed With SHA1 PCRs The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. Different parts of the…
CVE-2023-43636 — CVSS 8.8 (high): In EVE OS, the “measured boot” mechanism prevents a compromised device from accessing the encrypted data located in the vault. As per…