Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-3500

A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in an attested state but not verifying that anymore.

Published

2022-11-22T19:15:17.833

Last Modified

2025-04-29T05:15:43.243

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.1 (MEDIUM)

Weaknesses

Type: Primary
CWE-248

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	keylime	keylime	< 6.5.1	Yes
Operating System	redhat	enterprise_linux	9.0	Yes
Operating System	fedoraproject	fedora	35	Yes
Operating System	fedoraproject	fedora	36	Yes
Operating System	fedoraproject	fedora	37	Yes

References

https://access.redhat.com/security/cve/CVE-2022-3500 Third Party Advisory ([email protected])
https://github.com/keylime/keylime/pull/1128 Issue Tracking, Patch, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PUTHMDVFNGGVPCNPOGULMJAAFEP7MEXP/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QX4XVCAUFGJ2I2NCTOKONTJGRJB2NBBT/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQH5CJRX65QYMQN5WGUKKKE3IRJBWG5Z/ ([email protected])
https://access.redhat.com/security/cve/CVE-2022-3500 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/keylime/keylime/pull/1128 Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PUTHMDVFNGGVPCNPOGULMJAAFEP7MEXP/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QX4XVCAUFGJ2I2NCTOKONTJGRJB2NBBT/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQH5CJRX65QYMQN5WGUKKKE3IRJBWG5Z/ (af854a3a-2127-422b-91ae-364da2661108)