Out-of-Bounds Write in ChromeOS TPM2 lib on Cr50 (15753.50.0)
CVE-2025-1122 Published on April 15, 2025
Out-of-bounds write in the TPM2 Reference Library in Google ChromeOS 15753.50.0 stable on Cr50 boards allows an attacker with root access to gain persistence and bypass operating system verification by exploiting the NV_Read functionality during the Challenge-Response process.
Vulnerability Analysis
CVE-2025-1122 is exploitable with local system access and requires user privileges. It is considered to have low attack complexity. A proof-of-concept (PoC) exploit for CVE-2025-1122 is publicly available. The potential impact of exploiting this vulnerability is considered very high.
Weakness Type
What is a Memory Corruption Vulnerability?
The software writes data past the end, or before the beginning, of the intended buffer. Typically, this can result in corruption of data, a crash, or code execution. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.
CVE-2025-1122 has been classified as a Memory Corruption vulnerability or weakness.
Affected Versions
Google ChromeOS: version 15753.50.0 and below is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.