CVE-2023-3674 Keylime: attestation failure when the quote's signature does not validate

🗓️ 19 Jul 2023 18:25:28Reported by redhatType

Keylime attestation verifier flaw in failing to flag devices

Reporter	Title	Published	Views	Family All 30
Tenable Nessus	AlmaLinux 9 : keylime (ALSA-2024:1139)	7 Mar 202400:00	–	nessus
Tenable Nessus	MiracleLinux 9 : keylime-7.3.0-13.el9_3 (AXSA:2024-7584:01)	20 Jan 202600:00	–	nessus
Tenable Nessus	Oracle Linux 9 : keylime (ELSA-2024-1139)	6 Mar 202400:00	–	nessus
Tenable Nessus	RHEL 9 : keylime (RHSA-2024:1139)	5 Mar 202400:00	–	nessus
Tenable Nessus	Rocky Linux 9 : keylime (RLSA-2024:1139)	14 May 202400:00	–	nessus
AlmaLinux	Low: keylime security update	5 Mar 202400:00	–	almalinux
Circl	CVE-2023-3674	19 Jul 202322:21	–	circl
CNNVD	Keylime 安全漏洞	19 Jul 202300:00	–	cnnvd
CVE	CVE-2023-3674	19 Jul 202318:25	–	cve
Oracle linux	keylime security update	6 Mar 202400:00	–	oraclelinux

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "keylime",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:7.3.0-13.el9_3",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::appstream"
    ]
  }
]

Source	Link
access	www.access.redhat.com/security/cve/CVE-2023-3674
access	www.access.redhat.com/errata/RHSA-2024:1139
github	www.github.com/keylime/keylime/commit/95ce3d86bd2c53009108ffda2dcf553312d733db
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

21 Nov 2025 05:59Current

3.8Low risk

Vulners AI Score3.8

CVSS 3.12.3

EPSS0.00028

CWE-1283