Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-3674

A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted.

Published

2023-07-19T19:15:12.213

Last Modified

2024-11-21T08:17:48.590

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 2.3 (LOW)

Weaknesses

Type: Secondary
CWE-1283
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	keylime	keylime	< 7.2.5	Yes
Operating System	fedoraproject	fedora	38	Yes

References

https://access.redhat.com/errata/RHSA-2024:1139 ([email protected])
https://access.redhat.com/security/cve/CVE-2023-3674 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2222903 Issue Tracking, Patch, Third Party Advisory ([email protected])
https://github.com/keylime/keylime/commit/95ce3d86bd2c53009108ffda2dcf553312d733db Patch ([email protected])
https://access.redhat.com/errata/RHSA-2024:1139 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/security/cve/CVE-2023-3674 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=2222903 Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/keylime/keylime/commit/95ce3d86bd2c53009108ffda2dcf553312d733db Patch (af854a3a-2127-422b-91ae-364da2661108)