CVE-2025-1292 | THREATINT

Description

Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process.

PUBLISHED Reserved 2025-02-13 | Published 2025-04-15 | Updated 2025-04-17 | Assigner ChromeOS

Problem types

Out-of-bounds Write

Product status

Default status

unaffected

122.0.6261.132

affected

References

issuetracker.google.com/issues/324336238

issues.chromium.org/issues/b/324336238

cve.org (CVE-2025-1292)

nvd.nist.gov (CVE-2025-1292)

Download JSON