A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2024:1139 | |
https://access.redhat.com/security/cve/CVE-2023-3674 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2222903 | Issue Tracking Patch Third Party Advisory |
https://github.com/keylime/keylime/commit/95ce3d86bd2c53009108ffda2dcf553312d733db | Patch |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2023-07-19T18:25:28.581Z
Updated: 2024-05-01T20:20:47.491Z
Reserved: 2023-07-14T12:39:01.155Z
Link: CVE-2023-3674
JSON object: View
NVD Information
Status : Modified
Published: 2023-07-19T19:15:12.213
Modified: 2024-04-25T13:15:50.787
Link: CVE-2023-3674
JSON object: View
Redhat Information
No data.