Security Advisory

CVE-2025-1292

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-04-15 19:46:26

Last updated 2025-04-17 19:41:04

Assigner ChromeOS

State PUBLISHED

Description

Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process.

← Browse all CVEs View on cve.org ↗