A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted.
History

Thu, 26 Sep 2024 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-07-19T18:25:28.581Z

Updated: 2024-11-24T12:05:47.671Z

Reserved: 2023-07-14T12:39:01.155Z

Link: CVE-2023-3674

cve-icon Vulnrichment

Updated: 2024-08-02T07:01:57.372Z

cve-icon NVD

Status : Modified

Published: 2023-07-19T19:15:12.213

Modified: 2024-11-21T08:17:48.590

Link: CVE-2023-3674

cve-icon Redhat

Severity : Low

Publid Date: 2023-07-12T00:00:00Z

Links: CVE-2023-3674 - Bugzilla