Vulnerabilities > CVE-2023-3674

047910
CVSS 2.8 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
NONE
local
low complexity
keylime
fedoraproject
NVD
Published: 2023-07-19
Updated: 2024-04-25

Summary

A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted.

Vulnerable Configurations

Part Description Count
Application
Keylime
52
OS
Fedoraproject
1

References