A flaw was found in keylime 5.8.1 and older. The issue in the Keylime agent and registrar code invalidates the cryptographic chain of trust from the Endorsement Key certificate to agent attestations.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1932469 | Issue Tracking Third Party Advisory |
https://github.com/keylime/keylime/security/advisories/GHSA-78f8-6c68-375m | Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YAWKEF2LVXUME266T6RNRVBGAD375QAT/ |
Configurations
History
07 Nov 2023, 03:37
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
27 Oct 2022, 12:51
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-295 |
23 Mar 2021, 01:06
Type | Values Removed | Values Added |
---|---|---|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAWKEF2LVXUME266T6RNRVBGAD375QAT/ - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
19 Mar 2021, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Mar 2021, 16:15
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1932469 - Issue Tracking, Third Party Advisory | |
References | (MISC) https://github.com/keylime/keylime/security/advisories/GHSA-78f8-6c68-375m - Third Party Advisory | |
CPE | cpe:2.3:a:keylime:keylime:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
25 Feb 2021, 20:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-02-25 20:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-3406
Mitre link : CVE-2021-3406
CVE.ORG link : CVE-2021-3406
JSON object : View
Products Affected
fedoraproject
- fedora
keylime
- keylime