{"api_version":"1","generated_at":"2026-07-01T10:38:08+00:00","cve":"CVE-2017-16837","urls":{"html":"https://cve.report/CVE-2017-16837","api":"https://cve.report/api/cve/CVE-2017-16837.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-16837","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-16837"},"summary":{"title":"CVE-2017-16837","description":"Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers.","state":"PUBLISHED","assigner":"mitre","published_at":"2017-11-16 02:29:05","updated_at":"2025-04-20 01:37:25"},"problem_types":["CWE-20","n/a"],"metrics":[{"version":"3.0","source":"nvd@nist.gov","type":"Primary","score":"7.8","severity":"HIGH","vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.6","severity":"","vector":"AV:L/AC:L/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"https://sourceforge.net/p/tboot/code/ci/521c58e51eb5be105a29983742850e72c44ed80e/","name":"https://sourceforge.net/p/tboot/code/ci/521c58e51eb5be105a29983742850e72c44ed80e/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"],"title":"Trusted Boot / Code / Commit [521c58]","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.usenix.org/conference/usenixsecurity18/presentation/han","name":"https://www.usenix.org/conference/usenixsecurity18/presentation/han","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"A Bad Dream: Subverting Trusted Platform Module While You Are Sleeping | USENIX","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-16837","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16837","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"16837","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trusted_boot_project","cpe5":"trusted_boot","cpe6":"1.9.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2017","cve_id":"16837","cve":"CVE-2017-16837","epss":"0.001170000","percentile":"0.301420000","score_date":"2026-05-13","updated_at":"2026-05-14 00:03:18"},"legacy_qids":[{"cve":"CVE-2017-16837","qid":"670220","title":"EulerOS Security Update for tboot (EulerOS-SA-2021-1855)"}]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-05T20:35:21.256Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://sourceforge.net/p/tboot/code/ci/521c58e51eb5be105a29983742850e72c44ed80e/"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.usenix.org/conference/usenixsecurity18/presentation/han"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2017-11-15T00:00:00.000Z","descriptions":[{"lang":"en","value":"Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-08-17T17:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_MISC"],"url":"https://sourceforge.net/p/tboot/code/ci/521c58e51eb5be105a29983742850e72c44ed80e/"},{"tags":["x_refsource_MISC"],"url":"https://www.usenix.org/conference/usenixsecurity18/presentation/han"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2017-16837","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://sourceforge.net/p/tboot/code/ci/521c58e51eb5be105a29983742850e72c44ed80e/","refsource":"MISC","url":"https://sourceforge.net/p/tboot/code/ci/521c58e51eb5be105a29983742850e72c44ed80e/"},{"name":"https://www.usenix.org/conference/usenixsecurity18/presentation/han","refsource":"MISC","url":"https://www.usenix.org/conference/usenixsecurity18/presentation/han"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2017-16837","datePublished":"2017-11-16T02:00:00.000Z","dateReserved":"2017-11-15T00:00:00.000Z","dateUpdated":"2024-08-05T20:35:21.256Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2017-11-16 02:29:05","lastModifiedDate":"2025-04-20 01:37:25","problem_types":["CWE-20","n/a"],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:trusted_boot_project:trusted_boot:1.9.6:*:*:*:*:*:*:*","matchCriteriaId":"2CCD6682-6DCC-4A70-AA1A-B61585A62068"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"16837","Ordinal":"1","Title":"CVE-2017-16837","CVE":"CVE-2017-16837","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"16837","Ordinal":"1","NoteData":"Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers.","Type":"Description","Title":"CVE-2017-16837"},{"CveYear":"2017","CveId":"16837","Ordinal":"2","NoteData":"2017-11-15","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"16837","Ordinal":"3","NoteData":"2018-08-17","Type":"Other","Title":"Modified"}]}}}