Feb 4, 2026·6 min read·18 visits
EVE OS developers moved the configuration partition measurement to TPM PCR 14 but forgot to tell the TPM to check it. Attackers can modify system configs (like SSH keys) without preventing the device from unlocking its encrypted vault.
A critical oversight in the EVE OS Trusted Platform Module (TPM) implementation allowed attackers to bypass Measured Boot protections. By failing to include Platform Configuration Register (PCR) 14 in the sealing policy, the system permitted unauthorized modifications to the configuration partition without locking the encryption keys.
Imagine a high-security vault that requires a retina scan, a fingerprint, and a voice print to open. It’s impenetrable. Now imagine the security guard decides to stop checking the voice print because he's tired, but he doesn't tell anyone. That is effectively what happened inside EVE OS.
EVE OS relies on a hardware root of trust—the Trusted Platform Module (TPM)—to implement 'Measured Boot'. The idea is simple: as the device boots, it calculates cryptographic hashes of every component (BIOS, bootloader, kernel, config) and stores them in Platform Configuration Registers (PCRs).
The device's 'vault' key (which decrypts your data) is 'sealed' against these PCRs. The TPM is essentially told: 'Only release this key if PCR 0 through PCR 13 look exactly like they did when we set this up.' If a hacker modifies the kernel, the hash changes, the PCR values mismatch, and the TPM tells the hacker to get lost. The vault stays locked.
But in CVE-2023-43634, we found out that EVE OS was strictly checking the front door while leaving the garage side-door wide open. They were measuring a critical component, but they weren't actually checking the measurement.
The root cause of this vulnerability is a classic case of 'I thought you handled that.' In the world of TPMs, different PCR indices are reserved for different things. Historically, EVE OS measured its configuration partition into PCR 13. This partition holds the keys to the kingdom—API endpoints, authorized SSH keys, and system settings.
At some point, a developer decided to clean house. In commit 56e5897, the measurement of the configuration partition was moved from PCR 13 to PCR 14. This makes sense organizationally. It keeps things tidy.
However, there are two steps to this dance: 1) Measure the data into the register, and 2) Tell the TPM to validate that register before unsealing the keys. They did step 1 perfectly. They completely forgot step 2.
The DiskKeySealingPCRs list—the policy that dictates what the TPM checks—was never updated to include PCR 14. So, every time the device booted, it dutifully measured the config into PCR 14, and then the TPM dutifully ignored it, checking only 0 through 13. You could rewrite the entire configuration partition, changing the value of PCR 14 entirely, and the TPM would still happily hand over the encryption keys.
Let's look at the code, because in Go, the mistake is almost painfully obvious once you know where to look. This is located in pkg/pillar/evetpm/tpm.go.
Here is the vulnerable code configuration:
// Vulnerable Code
// DiskKeySealingPCRs represents PCRs that we use for sealing
DiskKeySealingPCRs = tpm2.PCRSelection{
Hash: tpm2.AlgSHA1,
PCRs: []int{0, 1, 2, 3, 4, 6, 7, 8, 9, 13}
}Do you see 14 in that list? Neither do I. Also, notice the use of AlgSHA1. In 2023. That's a separate sin, but it adds flavor to the failure.
Here is the fix provided in the patch:
// Patched Code
// DiskKeySealingPCRs represents PCRs that we use for sealing
DiskKeySealingPCRs = tpm2.PCRSelection{
Hash: tpm2.AlgSHA256, // Upgraded to SHA256 (Nice)
PCRs: []int{0, 1, 2, 3, 4, 6, 7, 8, 9, 13, 14} // PCR 14 added
}The fix was literally two characters (adding 14) and a much-needed algorithm upgrade. Without that 14, the cryptographic chain of trust was broken at the configuration layer.
How does a researcher (or an attacker) actually weaponize this? EVE OS is designed for edge computing—boxes sitting in factories, wind turbines, or retail stores. Physical access is often trivial.
The Attack Chain:
config partition is usually read-only or integrity-protected, but since we are offline, we can modify the bits on the disk directly.authorized_keys file in the configuration partition to include their own public SSH key. Or, they change the controller URL to point to a malicious command-and-control server.During boot, the bootloader hashes the modified config. The hash is different. PCR 14 changes to a new, 'tainted' value.
The TPM looks at the policy. "Does PCR 0 match? Yes. PCR 1? Yes... PCR 13? Yes." It stops there. It never looks at the tainted PCR 14. The vault key unlocks, the system boots, and the attacker logs in via SSH with root privileges using the key they injected.
The severity here is classified as High (CVSS 8.8) for a reason. EVE OS creates a promise of security: "If the device is tampered with, it won't boot (or at least won't decrypt secrets)."
This vulnerability completely negates that promise for the configuration layer. This isn't just about reading data; it's about persistence. An attacker can backdoor a device, and the device itself—specifically the TPM which is supposed to prevent this—will vouch for the system's integrity.
Since this affects the sealing of the vault, an attacker gets access to:
The remediation is straightforward but requires action. The patch d9383a7ee4e1c39f5c8c6d4a63cb2ebd00695e8a fixes the issue by explicitly adding PCR 14 to the sealing list.
But simply applying the update isn't enough. Because the sealing policy is baked into the way the data is encrypted on disk, existing data is sealed with the old policy (ignoring PCR 14).
To fully remediate:
This is a harsh reminder that cryptography is only as good as its implementation. You can have the strongest algorithms in the world, but if you forget to check the register, you're just doing fancy math for no reason.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H| Product | Affected Versions | Fixed Version |
|---|---|---|
EVE OS LF-Edge | < 8.6.0 | 8.6.0 |
EVE OS LF-Edge | >= 9.0.0 < 9.5.0 | 9.5.0 |
| Attribute | Detail |
|---|---|
| CVE ID | CVE-2023-43634 |
| CVSS | 8.8 (High) |
| CWE | CWE-922 (Insecure Storage) |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| Attack Vector | Local (Physical/Storage) |
| Hash Upgrade | SHA1 -> SHA256 |
The product stores sensitive information without checking the integrity of the storage container or the configuration affecting access control.
CVE-2026-48861 is a client-side HTTP request-line CRLF (Carriage Return Line Feed) injection vulnerability in the popular Elixir HTTP client library, Mint. The vulnerability permits HTTP Request Splitting and HTTP Request Smuggling when an application forwards untrusted, attacker-controlled inputs to Mint's HTTP client requests as either the HTTP request method or target. By embedding CRLF characters within these parameters, an attacker can terminate the request line prematurely, inject malicious headers, or pipeline entirely independent requests. These smuggled requests are then processed by upstream or downstream proxy servers as separate HTTP queries on the same TCP connection. While Mint version 1.7.0 introduced target validation to secure the request target, the HTTP request method parameter remained completely unvalidated. This flaw allows attackers to bypass routing filters, access restricted internal APIs, or poison HTTP caches under default configurations.
An Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling) vulnerability in the Elixir Mint HTTP client allows attacker-controlled HTTP/1 servers to desynchronize response framing on shared connections due to over-lenient parsing of sign-prefixed Content-Length headers.
An allocation of resources without limits or throttling vulnerability in Elixir Mint allows an attacker-controlled HTTP/2 server to exhaust memory in a Mint client. The vulnerability is exploited by sending a HEADERS frame without the END_HEADERS flag followed by an infinite stream of CONTINUATION frames. Because the client lacks limits on the incoming header-block accumulator, the client continuously consumes memory until an out-of-memory crash occurs.
CVE-2026-48596 is an Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Request/Response Splitting, CWE-113) in the Elixir Tesla HTTP client. The flaw resides in how multipart content-type parameters are joined and serialized, enabling attackers to inject arbitrary headers or split HTTP requests when applications pass untrusted inputs to the parameters of multipart uploads.
An improper handling of highly compressed data (decompression bomb) vulnerability exists in the Elixir Tesla HTTP client when utilizing response decompression middlewares. By serving highly compressed responses or stacked content-encoding headers, a malicious server can cause arbitrary heap exhaustion, leading to a denial of service (DoS) crash in the BEAM virtual machine.
A high-severity security vulnerability in Elixir's Tesla HTTP client library (CVE-2026-48595) allows unauthenticated remote attackers to harvest sensitive credentials, including Authorization headers and cookies. The flaw resides in the 'Tesla.Middleware.FollowRedirects' component, which performs case-sensitive lookups when stripping credentials during cross-origin redirects. Because HTTP headers are case-insensitive by RFC specifications, standard canonical casing (e.g., 'Authorization') bypasses the lowercase-only blocklist, leaking tokens to untrusted external redirect destinations.