VYPR
Unrated severityNVD Advisory· Published Apr 15, 2025· Updated Apr 17, 2025

TPM2 Out-Of-Bounds Write Leading to Potential Operating System Verification Bypass in ChromeOS

CVE-2025-1292

Description

Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process.

Affected products

2
  • Google/Chromellm-fuzzy2 versions
    122.0.6261.132+ 1 more
    • (no CPE)range: 122.0.6261.132
    • (no CPE)range: 122.0.6261.132

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.