12 matches found
EUVD-2023-0105
Malicious code in bioql PyPI...
AlmaLinux 9 : keylime (ALSA-2024:1139)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:1139 advisory. - A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate f...
Oracle Linux 9 : keylime (ELSA-2024-1139)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1139 advisory. 7.3.0-13 - Backport fix for CVE-2023-3674 Resolves: RHEL-21013 Tenable has extracted the preceding description block directly from the Oracle Linux security...
CVE-2023-3674
A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted...
CVE-2023-3674
A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted...
PYSEC-2023-128
A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted...
Design/Logic Flaw
A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted...
PYSEC-2023-128
A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted...
CVE-2023-3674 Keylime: attestation failure when the quote's signature does not validate
A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted...
CVE-2023-3674
Keylime CVE-2023-3674 affects the attestation verifier, where a TPM quote with an invalid signature is not flagged as faulty by the verifier (logged as an error instead of marking the device untrusted). Connected advisories confirm a fix was backported in various OS releases (e.g., RHEL/OpenELinu...
CVE-2023-3674 Keylime: attestation failure when the quote's signature does not validate
A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted...
GHSA-99CG-575X-774P Go-Attestation Improper Input Validation with attacker-controlled TPM Quote
Impact An improper input validation vulnerability in go-attestation before 0.4.0 allows local users to provide a maliciously-formed Quote over no/some PCRs, causing AKPublic.Verify to succeed despite the inconsistency. Subsequent use of the same set of PCR values in Eventlog.Verify lacks the...