Description
A flaw was found in Keylime 5.8.1 and older. The issue in the Keylime agent and registrar code invalidates the cryptographic chain of trust from the Endorsement Key certificate to agent attestations.
References (3)
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1932469
Third Party Advisory x_refsource_misc
https://github.com/keylime/keylime/security/advisories/GHSA-78f8-6c68-375m
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YAWKEF2LVXUME266T6RNRVBGAD375QAT/
Scores
CVSS v3: 9.8
EPSS: 0.0066
EPSS Percentile: 46.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-295, CWE-347
Status: published
Products (2)
fedoraproject/fedora: 34
keylime/keylime: < 5.8.1
Published: Feb 25, 2021
Tracked Since: Feb 18, 2026