Bug 2222903 (CVE-2023-3674) - CVE-2023-3674 keylime: Attestation failure when the quote's signature does not validate
Summary: CVE-2023-3674 keylime: Attestation failure when the quote's signature does no...
Keywords:
Status: NEW
Alias: CVE-2023-3674
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Nobody
QA Contact:
Jan Fiala
URL:
Whiteboard:
Depends On: 2222908 2222909
Blocks: 2222904
TreeView+ depends on / blocked
 
Reported: 2023-07-14 12:26 UTC by Mauro Matteo Cascella
Modified: 2024-03-05 18:12 UTC (History)
6 users (show)

Fixed In Version: keylime 7.2.5, keylime 7.3.0
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:1139 0 None None None 2024-03-05 18:12:36 UTC

Description Mauro Matteo Cascella 2023-07-14 12:26:17 UTC 
The keylime attestation verifier fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log but not flag the device as being untrusted.

To exploit this bug, a non-privileged user would have to modify the keylime agent to create invalid quotes a could then use invalid measurement lists to hide the trust state of a system. He would then have to trick the administrator in using the user's modified keylime agent.

Upstream fix:
https://github.com/keylime/keylime/commit/95ce3d86bd2c53009108ffda2dcf553312d733db
Comment 1 Mauro Matteo Cascella 2023-07-14 12:40:38 UTC 
Created keylime tracking bugs for this issue:

Affects: fedora-all [bug 2222908]
Comment 5 errata-xmlrpc 2024-03-05 18:12:35 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:1139 https://access.redhat.com/errata/RHSA-2024:1139
Note You need to log in before you can comment on or make changes to this bug.