CVE-2023-3674

A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted.
Configurations

Configuration 1 (hide)

cpe:2.3:a:keylime:keylime:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

History

25 Apr 2024, 13:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:1139 -

28 Jul 2023, 14:18

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 2.8
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2222903 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2222903 - Issue Tracking, Patch, Third Party Advisory
References (MISC) https://github.com/keylime/keylime/commit/95ce3d86bd2c53009108ffda2dcf553312d733db - (MISC) https://github.com/keylime/keylime/commit/95ce3d86bd2c53009108ffda2dcf553312d733db - Patch
References (MISC) https://access.redhat.com/security/cve/CVE-2023-3674 - (MISC) https://access.redhat.com/security/cve/CVE-2023-3674 - Third Party Advisory
First Time Fedoraproject
Fedoraproject fedora
Keylime keylime
Keylime
CPE cpe:2.3:a:keylime:keylime:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
CWE NVD-CWE-Other

19 Jul 2023, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-19 19:15

Updated : 2024-04-25 13:15


NVD link : CVE-2023-3674

Mitre link : CVE-2023-3674

CVE.ORG link : CVE-2023-3674


JSON object : View

Products Affected

fedoraproject

  • fedora

keylime

  • keylime
CWE
NVD-CWE-Other CWE-1283

Mutable Attestation or Measurement Reporting Data