CVE-2025-1122

Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0  stable on Cr50 Boards allows an attacker with root access to gain persistence and 
Bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
ChromeOSCNA
---
---
CISA-ADPADP
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
VendorProductVersion
googlechrome
122.0.6261.132
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://issues.chromium.org/issues/b/324336238
https://issuetracker.google.com/issues/324336238