A flaw was found in keylime 5.8.1 and older. The issue in the Keylime agent and registrar code invalidates the cryptographic chain of trust from the Endorsement Key certificate to agent attestations.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1932469 | Issue Tracking Third Party Advisory |
https://github.com/keylime/keylime/security/advisories/GHSA-78f8-6c68-375m | Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YAWKEF2LVXUME266T6RNRVBGAD375QAT/ |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2021-02-25T19:15:57
Updated: 2021-03-19T21:06:16
Reserved: 2021-02-09T00:00:00
Link: CVE-2021-3406
JSON object: View
NVD Information
Status : Modified
Published: 2021-02-25T20:15:11.707
Modified: 2023-11-07T03:37:59.147
Link: CVE-2021-3406
JSON object: View
Redhat Information
No data.