Sergio Correia

**Name of the Vulnerable Software and Affected Versions** keylime versions prior to 6.5.1 **Description** The issue is related to improperly handled exceptions in keylime, which can be exploited to create errors on the verifier, stopping attestation attempts and leaving a host in an attested state without verification. This creates a false sense of security for keylime users, as they may conclude that a node or agent is correctly attested when attestations are not taking place. The vulnerability can be triggered by transient network failure conditions, such as recoverable device driver crashes. **Recommendations** For versions prior to 6.5.1, apply the patch available at https://github.com/keylime/keylime/pull/1128/files to fix the issue. Only running verifiers need to be patched, and after applying the patch, the keylime verifier needs to be restarted.