CVE-2022-1053Improper Input Validation in Keylime

CWE-20Improper Input Validation4 documents3 sources
Severity
9.1CRITICALNVD
EPSS
0.5%
top 35.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
KeylimeFedoraproject Fedora
Timeline
PublishedMay 6

Description

Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote. This allows an attacker to use one AK, EK pair from a real TPM to pass EK validation and give the verifier an AK of a software TPM. A successful attack breaks the entire chain of trust because a not validated AK is used by the verifier. This issue is worse if the validation happens first and then the agent gets

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages3 packages

NVDkeylime/keylime< 6.4.0
PyPIkeylime/keylime< 6.4.0+1
CVEListV5keylime/keylimeAffects keylime v6.4.0 and prior, Fixed in – v6.4.0

Also affects: Fedora 34, 35, 36

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
OSV
CVE-2022-1053: Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifie2022-05-06
GHSA
Tenant and Verifier might not use the same registrar data2022-05-05
OSV
Tenant and Verifier might not use the same registrar data2022-05-05