Go-Attestation: Hash injection into trusted measurement list via unskipped SignatureHeaderSize vendor bytes in parseEfiSignatureList()
GHSA-9r4w-jg96-92mv
Description
Summary
parseEfiSignatureList() in attest/internal/events.go does not skip SignatureHeaderSize vendor bytes before reading EFI_SIGNATURE_LIST signature entries, violating UEFI specification section 31.4.1.
Impact
For lists whose SignatureType is EFI_CERT_SHA256_GUID (hashSHA256SigGUID in the code), the attacker-controlled vendor header bytes are parsed as signature entries and appended directly to the trusted SHA256 hash list. A crafted TPM event log can therefore inject arbitrary SHA256 hashes into the verifier's trusted measurement database, allowing a remote attestation verifier to accept a compromised boot state as legitimate. This breaks the core integrity guarantee of remote attestation.
Root Cause
After binary.Read(&signatures.Header) consumes the fixed 28-byte EFI_SIGNATURE_LIST header (SignatureType GUID, SignatureListSize, SignatureHeaderSize, SignatureSize), buf points to the start of the SignatureHeaderSize vendor bytes. Both entry loops start at sigOffset := 0 instead of sigOffset := SignatureHeaderSize, so the vendor bytes are read as the first signature entries. Because SignatureHeaderSize was never validated against the remaining list length, the loops also had no guarantee that the skipped region fit inside the list.
Affected versions
All versions through commit f877374 (2026-05-15).
Fix
Pull request: https://github.com/google/go-attestation/pull/502
- Add bound check: SignatureHeaderSize must not exceed the remaining list space
- Skip SignatureHeaderSize bytes before both entry loops
- Regression test: TestParseEfiSignatureListNonZeroSignatureHeaderSize
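The root cause and the fix above, as an added example that is not go-attestation's code: a small Go parser for EFI_CERT_SHA256_GUID signature lists written for this page. parseSHA256SignatureList with skipVendorHeader=false reproduces the flawed behaviour (entry loop starts at offset 0 right after the 28-byte header); with skipVendorHeader=true it applies the fix (bound check on SignatureHeaderSize, then skip the vendor bytes). buildSHA256List, the hash values and the function and field names are this example's own constructed test data and naming, not the project's.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// efiCertSHA256GUID is EFI_CERT_SHA256_GUID (c1c41626-504c-4092-aca9-41f936934328)
// in its on-disk little-endian encoding; it marks a list of raw SHA-256 hashes.
var efiCertSHA256GUID = [16]byte{
	0x26, 0x16, 0xc4, 0xc1, 0x4c, 0x50, 0x92, 0x40,
	0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28,
}

// sigListHeader is the fixed 28-byte prefix of EFI_SIGNATURE_LIST.
type sigListHeader struct {
	SignatureType       [16]byte
	SignatureListSize   uint32
	SignatureHeaderSize uint32
	SignatureSize       uint32
}

const (
	sigListHeaderSize = 28
	ownerGUIDSize     = 16 // EFI_SIGNATURE_DATA.SignatureOwner
	sha256Size        = 32
)

// parseSHA256SignatureList returns the SHA-256 hashes carried by one
// EFI_SIGNATURE_LIST of type EFI_CERT_SHA256_GUID. With skipVendorHeader=false
// it reproduces the flaw: the entry loop starts right after the 28-byte header,
// so the SignatureHeaderSize vendor bytes are read as signature entries.
func parseSHA256SignatureList(buf []byte, skipVendorHeader bool) ([][]byte, error) {
	var hdr sigListHeader
	if err := binary.Read(bytes.NewReader(buf), binary.LittleEndian, &hdr); err != nil {
		return nil, fmt.Errorf("reading EFI_SIGNATURE_LIST header: %w", err)
	}
	if hdr.SignatureType != efiCertSHA256GUID {
		return nil, errors.New("not an EFI_CERT_SHA256_GUID list")
	}
	if hdr.SignatureListSize < sigListHeaderSize || int(hdr.SignatureListSize) > len(buf) {
		return nil, errors.New("SignatureListSize out of range")
	}
	if hdr.SignatureSize != ownerGUIDSize+sha256Size {
		return nil, fmt.Errorf("unexpected SignatureSize %d for SHA-256 list", hdr.SignatureSize)
	}
	entries := buf[sigListHeaderSize:hdr.SignatureListSize]

	sigOffset := 0
	if skipVendorHeader {
		// Fix part 1: the vendor header must fit in the remaining list space.
		if int(hdr.SignatureHeaderSize) > len(entries) {
			return nil, errors.New("SignatureHeaderSize exceeds remaining list space")
		}
		// Fix part 2: start the entry loop after the vendor header.
		sigOffset = int(hdr.SignatureHeaderSize)
	}

	var hashes [][]byte
	for ; sigOffset+int(hdr.SignatureSize) <= len(entries); sigOffset += int(hdr.SignatureSize) {
		entry := entries[sigOffset : sigOffset+int(hdr.SignatureSize)]
		// EFI_SIGNATURE_DATA: 16-byte SignatureOwner followed by the hash.
		hashes = append(hashes, append([]byte(nil), entry[ownerGUIDSize:]...))
	}
	return hashes, nil
}

// buildSHA256List assembles a constructed EFI_SIGNATURE_LIST (example test data,
// not a real firmware db) with the given vendor header bytes and SHA-256 entries.
func buildSHA256List(vendorHeader []byte, hashes ...[]byte) []byte {
	var body bytes.Buffer
	body.Write(vendorHeader)
	for _, h := range hashes {
		body.Write(make([]byte, ownerGUIDSize)) // SignatureOwner: zero GUID for the example
		body.Write(h)
	}
	hdr := sigListHeader{
		SignatureType:       efiCertSHA256GUID,
		SignatureListSize:   uint32(sigListHeaderSize + body.Len()),
		SignatureHeaderSize: uint32(len(vendorHeader)),
		SignatureSize:       ownerGUIDSize + sha256Size,
	}
	var out bytes.Buffer
	binary.Write(&out, binary.LittleEndian, hdr)
	out.Write(body.Bytes())
	return out.Bytes()
}

func main() {
	genuine := bytes.Repeat([]byte{0xaa}, sha256Size)
	// Attacker-chosen vendor header, exactly one entry wide, so the flawed loop
	// reads its last 32 bytes as a trusted hash.
	injected := bytes.Repeat([]byte{0xee}, sha256Size)
	vendor := append(make([]byte, ownerGUIDSize), injected...)
	list := buildSHA256List(vendor, genuine)

	bad, _ := parseSHA256SignatureList(list, false)
	good, _ := parseSHA256SignatureList(list, true)
	fmt.Printf("flawed parser: %d hashes, first=%s\n", len(bad), hex.EncodeToString(bad[0])[:16])
	fmt.Printf("fixed parser:  %d hashes, first=%s\n", len(good), hex.EncodeToString(good[0])[:16])

	// An oversized SignatureHeaderSize (bytes 20..24 of the header) is rejected by the bound check.
	oversized := buildSHA256List(nil, genuine)
	binary.LittleEndian.PutUint32(oversized[20:24], 1<<20)
	_, err := parseSHA256SignatureList(oversized, true)
	fmt.Println("oversized SignatureHeaderSize:", err)
}
```

The vendor header is sized to exactly one entry so the two parsers can be compared cleanly; with any other non-zero SignatureHeaderSize the flawed loop misaligns every following entry, which still yields attacker-influenced hashes. The oversized-header case shows why the bound check must come before the skip: without it a hostile SignatureHeaderSize would index past the list.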
References
- WEB https://github.com/google/go-attestation/security/advisories/GHSA-9r4w-jg96-92mv
- WEB https://github.com/google/go-attestation/pull/502
- WEB https://github.com/google/go-attestation/commit/b6e905e7ae52937f02b5ca494dd1c6a3ac7a1003
- PACKAGE https://github.com/google/go-attestation
- WEB https://github.com/google/go-attestation/releases/tag/v0.6.0