PT-2023-25692 · Keylime+3

Mauro Matteo Cascella · Published 2023-07-19 · Updated 2025-01-20 · CVE-2023-3674

CVSS v4.0: 4.6 (Medium)
Vector: AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

keylime (affected versions not specified)

Description

A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

ALSA-2024:1139
CVE-2023-3674
GHSA-G4WG-CFPF-9689
INFSA-2024_1139
OPENSUSE-SU-2024:14051-1
PYSEC-2023-128
RHSA-2024:1139
RHSA-2024_1139
RLSA-2024:1139

Affected Products

Almalinux
Red Hat
Rocky Linux
Keylime