Impact
A defect in the Caliptra Core Runtime Firmware’s aes_256_gcm_update module causes the GCM authentication tag to omit the first batch of ciphertext when the Additional Authenticated Data (AAD) is empty. Consequently, an attacker can alter the first block of encrypted data without the resulting tag detecting the tampering, potentially compromising data integrity.
Affected Systems
The vulnerability affects Caliptra Core Runtime Firmware versions 2.0.0 through 2.0.1 and 2.1.0.
Risk and Exploitability
The CVSS score of 5.1 indicates moderate severity, but the lack of an EPSS score and absence from the CISA KEV catalog suggest a lower likelihood of widespread exploitation at this time. The likely attack vector is an attacker who can supply crafted ciphertext to the streaming AES‑256‑GCM API, such as through a compromised communication channel or a malicious firmware component. With AAD empty, the missing GHASH accumulator state permits a modification that goes unchecked by the tag.
OpenCVE Enrichment