Back to bug 2222903
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Mauro Matteo Cascella | 2023-07-14 12:28:05 UTC | Blocks | 2222904 | |
| Mauro Matteo Cascella | 2023-07-14 12:39:56 UTC | Alias | CVE-2023-3674 | |
| Summary | TRIAGE keylime: attestation failure when the quote's signature does not validate | CVE-2023-3674 keylime: attestation failure when the quote's signature does not validate | ||
| Mauro Matteo Cascella | 2023-07-14 12:40:35 UTC | Depends On | 2222909, 2222908 | |
| Pedro Sampaio | 2023-07-17 19:29:16 UTC | Doc Text | The keylime attestation verifier fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log but not flag the device as being untrusted. | |
| Pedro Sampaio | 2023-07-17 19:29:58 UTC | Summary | CVE-2023-3674 keylime: attestation failure when the quote's signature does not validate | CVE-2023-3674 keylime: Attestation failure when the quote's signature does not validate |
| Paige Jung | 2023-07-17 19:48:07 UTC | Doc Text | The keylime attestation verifier fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log but not flag the device as being untrusted. | A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted. |
| Pedro Sampaio | 2023-07-17 19:59:47 UTC | Fixed In Version | keylime 7.2.5, keylime 7.3.0 |
Back to bug 2222903