8 matches found
OPENSUSE-SU-2026:21025-1 Security update for keylime
This update for keylime fixes the following issue - CVE-2026-6420: use of hardcoded challenge nonce for TPM quote attestation allows for security bypass bsc1264265. Changes for keylime: - Update to version 7.14.2...
SUSE CVE-2026-40097
Step CA is an online certificate authority for secure, automated certificate management for DevOps. From 0.24.0 to before 0.30.0-rc3, an attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key AK certificate with an empty Extended Key Usage EKU extension...
Step CA affected by an index out of bounds panic in TPM attestation EKU validation
Summary An attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key AK certificate with an empty Extended Key Usage EKU extension during TPM device attestation. Details When processing a device-attest-01 ACME challenge using TPM attestation, Step CA...
EUVD-2026-21506
Step CA affected by an index out of bounds panic in TPM attestation EKU validation...
CVE-2026-40097 Step CA affected by an index out of bounds panic in TPM attestation EKU validation
Step CA is an online certificate authority for secure, automated certificate management for DevOps. From 0.24.0 to before 0.30.0-rc3, an attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key AK certificate with an empty Extended Key Usage EKU extension...
PT-2026-31991
Name of the Vulnerable Software and Affected Versions Step CA versions 0.24.0 through 0.30.0-rc3 Description An attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key AK certificate with an empty Extended Key Usage EKU extension during TPM device...
GO-2023-1583 User data in TPM attestation vulnerable to MITM in github.com/edgelesssys/constellation
User data in TPM attestation vulnerable to MITM in github.com/edgelesssys/constellation...
Microsoft Guidance for Addressing Security Feature Bypass in GRUB
Executive Summary Microsoft is aware of a vulnerability in the GRand Unified Boot Loader GRUB, commonly used by Linux. This vulnerability, known as “There’s a Hole in the Boot”, could allow for Secure Boot bypass. To exploit this vulnerability, an attacker would need to have administrative...