A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2024:1139 | |
https://access.redhat.com/security/cve/CVE-2023-3674 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2222903 | Issue Tracking Patch Third Party Advisory |
https://github.com/keylime/keylime/commit/95ce3d86bd2c53009108ffda2dcf553312d733db | Patch |
Configurations
History
25 Apr 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
28 Jul 2023, 14:18
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 2.8 |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2222903 - Issue Tracking, Patch, Third Party Advisory | |
References | (MISC) https://github.com/keylime/keylime/commit/95ce3d86bd2c53009108ffda2dcf553312d733db - Patch | |
References | (MISC) https://access.redhat.com/security/cve/CVE-2023-3674 - Third Party Advisory | |
First Time |
Fedoraproject
Fedoraproject fedora Keylime keylime Keylime |
|
CPE | cpe:2.3:a:keylime:keylime:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* |
|
CWE | NVD-CWE-Other |
19 Jul 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-19 19:15
Updated : 2024-04-25 13:15
NVD link : CVE-2023-3674
Mitre link : CVE-2023-3674
CVE.ORG link : CVE-2023-3674
JSON object : View
Products Affected
fedoraproject
- fedora
keylime
- keylime
CWE