Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

GHSA-5h7v-g49c-h887 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceGHSA-5h7v-g49c-h887

GHSA-5h7v-g49c-h887

MEDIUM6.7

EVE Doesn't Protect Rootfs

Published Feb 4, 2026

Modified 1 months ago

Fix available

Details

Impact

Measured boot validates BIOS, grub, kernel cmdline, and initrd but not the entire rootfs. Thus, an attacker can create an EVE-OS rootfs squashfs image with some files modified and take out the disk and replace the existing rootfs image without that being detected by measure boot and remote attestation.

Patches

Fixed in 8.6.0 and 8.12.1-lts

Workarounds

None

Affected Packages

github.com/lf-edge/eve/pkg/grub

Go

Fixed in:

0.0.0-20220708121648-5fef4d92e758

References

https://asrg.io/security-advisories/19274

https://asrg.io/security-advisories/cve-2023-43636

https://github.com/advisories/GHSA-5h7v-g49c-h887

https://github.com/lf-edge/eve

https://github.com/lf-edge/eve/commit/5fef4d92e75838cc78010edaed5247dfbdae1889

https://github.com/lf-edge/eve/commit/aa3501d6c57206ced222c33aea15a9169d629141

https://github.com/lf-edge/eve/security/advisories/GHSA-5h7v-g49c-h887

https://nvd.nist.gov/vuln/detail/CVE-2023-43636

Aliases

CVSS Analysis

CVSS v3.1

6.7

Exploitability

Attack Vector

PhysicalAV:P

Attack Complexity

HighAC:H

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

Scope

ChangedS:C

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

NoneA:N

6.7/CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

Related

Ecosystems

Timeline

PublishedFeb 4, 2026

ModifiedFeb 4, 2026