CVE-2025-1292

TPM2 Out-Of-Bounds Write Leading to Potential Operating System Verification Bypass in ChromeOS

Description

Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process.

INFO

Published Date :

2025-04-15T19:46:26.679Z

Last Modified :

2025-04-17T19:41:04.480Z

Source :

ChromeOS

AFFECTED PRODUCTS

The following products are affected by CVE-2025-1292 vulnerability.

Vendors	Products
Google	Chrome Chrome Os

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-1292.

URL	Resource
https://issues.chromium.org/issues/b/324336238
https://issuetracker.google.com/issues/324336238

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact