CVE-2022-3500

MEDIUM

keylime - Info Disclosure

Title source: llm

Description

A vulnerability was found in keylime. In some circumstances, improperly handled exceptions make it possible for a rogue agent to create errors on the verifier that stop attestation attempts for that host, leaving the host in an attested state that is no longer being verified.

Scores

CVSS v3 5.1
EPSS 0.0015
EPSS Percentile 35.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-248
Status published
Products (6)
fedoraproject/fedora 35
fedoraproject/fedora 36
fedoraproject/fedora 37
keylime/keylime < 6.5.1
pypi/keylime 0 - 6.5.1 (PyPI)
redhat/enterprise_linux 9.0
Published Nov 22, 2022
Tracked Since Feb 18, 2026