Keylime is a remote attestation solution. In some rare circumstances, an operating system level failure -- such as a network driver crash -- happens and keylime error handling procedures do not properly treat this situation, causing the verifier component to quit and not recover. The verifier's state machine remains in "verified" state and the associated database is no longer updated for this agent. The expected outcome here, as with other communication failures, would be that keylime would retry and recover. This does not happen in this situation.

There are some more details in the PR fixing the issue, at https://github.com/keylime/keylime/pull/1128

Reproducers: No known reproducers; this was encountered in some scale testing and did not happen quickly or reliably.

Affected versions: < 6.5.1

Patched versions: 6.5.1
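A simplified model of the failure mode described above, added here as an illustration and not taken from Keylime or the linked PR. The state names other than "verified", the function names, and the choice of `ENETDOWN` as the OS-level fault are assumptions.

```python
import errno

# Simplified model, not Keylime code. "verified" is the state named in the
# report; the other state names and every function here are hypothetical.
VERIFIED, RETRYING, FAILED = "verified", "retrying", "failed"
# Constructed OS-level fault: ENETDOWN stays a plain OSError in Python.
NET_DOWN = OSError(errno.ENETDOWN, "Network is down")

class Agent:
    def __init__(self, agent_id):
        self.agent_id = agent_id
        self.state = VERIFIED
        self.last_update = 0   # polling round of the last recorded result
        self.attempts = 0      # consecutive failed rounds

def narrow_round(agent, fetch_quote, rnd):
    """Handles only the anticipated failure type; anything else propagates."""
    try:
        fetch_quote()
        agent.state, agent.last_update = VERIFIED, rnd
    except TimeoutError:
        agent.state, agent.last_update = RETRYING, rnd

def robust_round(agent, fetch_quote, rnd, max_retries=3):
    """Treats any failure as a communication failure: retry, then fail closed."""
    try:
        fetch_quote()
        agent.state, agent.attempts = VERIFIED, 0
    except Exception:
        agent.attempts += 1
        agent.state = RETRYING if agent.attempts < max_retries else FAILED
    agent.last_update = rnd

def run(round_fn, faults, rounds=5):
    """Drive polling rounds; `faults` maps a round number to the exception raised."""
    agent = Agent("agent-1")  # constructed sample agent
    for rnd in range(1, rounds + 1):
        def fetch_quote():
            if rnd in faults:
                raise faults[rnd]
        try:
            round_fn(agent, fetch_quote, rnd)
        except Exception:
            break  # the polling task dies; nothing updates this record again
    return agent.state, agent.last_update

if __name__ == "__main__":
    print("narrow:", run(narrow_round, {3: NET_DOWN}))   # stale "verified"
    print("robust:", run(robust_round, {3: NET_DOWN}))   # retried and recovered
```

The narrow handler ends with the state still "verified" but the last update frozen at round 2, which is why a freshness timestamp has to be checked alongside the state when monitoring attestation results.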
Created keylime tracking bugs for this issue:

Affects: fedora-all [bug 2138170]

This issue has been addressed in the following products:

Red Hat Enterprise Linux 9

Via RHSA-2022:8444 https://access.redhat.com/errata/RHSA-2022:8444
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-3500