Bug 1204782 - (CVE-2022-3500) VUL-0: CVE-2022-3500: keylime: a node can seem attested when in reality it is not properly attested
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Other SLES 15
: P3 - Medium : Normal
Assigned To: Alberto Planas Dominguez
Security Team bot
Reported: 2022-10-27 07:31 UTC by Alberto Planas Dominguez
Modified: 2022-11-23 20:23 UTC (History)

Found By: Security Response Team
Description Alberto Planas Dominguez 2022-10-27 07:31:01 UTC

This vulnerability creates a false sense of security for keylime users -- i.e. a user could query keylime and conclude that a particular node/agent is correctly attested, while attestations are not in fact taking place.

Short explanation: the keylime verifier creates periodic reports on the state of each attested agent. The keylime verifier runs a set of Python asynchronous processes to challenge attested nodes and create reports on the outcome.

The vulnerability consists of the above-named Python asynchronous processes failing silently, i.e. quitting without leaving behind a database entry, raising an error or producing even a mention of an error in a log. The silent failure can be triggered by a small set of transient network failure conditions; recoverable device driver crashes being one such condition we saw in the wild.
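
Added illustration, not Keylime code and not part of the original report: a plain-asyncio sketch of the failure class described above, where a per-agent polling task dies on a transient error and the stored state stays "attested", next to a fail-closed supervisor and an independent staleness check. `Store`, `poll_agent`, `supervise`, `stale_agents` and `flaky_challenge` are hypothetical names, and the use of bare asyncio tasks is an assumption.

```python
import asyncio, logging, time

log = logging.getLogger("verifier-sketch")

class Store:
    """Hypothetical stand-in for the verifier's per-agent state table."""
    def __init__(self):
        self.state = {}    # agent_id -> "attested" | "failed"
        self.last_ok = {}  # agent_id -> time of last successful challenge

async def poll_agent(agent_id, challenge, store, rounds):
    """Challenge loop; any exception raised by challenge() ends the task."""
    for _ in range(rounds):
        await challenge(agent_id)
        store.state[agent_id] = "attested"
        store.last_ok[agent_id] = time.monotonic()
        await asyncio.sleep(0)

def supervise(task, agent_id, store):
    """Fail closed: a dead poll task must flip the stored state and be logged."""
    def on_done(t):
        exc = None if t.cancelled() else t.exception()
        if t.cancelled() or exc is not None:
            log.error("attestation task for %s died: %r", agent_id, exc)
            store.state[agent_id] = "failed"
    task.add_done_callback(on_done)

def stale_agents(store, max_age, now):
    """Independent check: 'attested' agents with no recent successful challenge."""
    return sorted(a for a, s in store.state.items()
                  if s == "attested" and now - store.last_ok[a] > max_age)

async def demo(supervised):
    store, calls = Store(), 0
    async def flaky_challenge(agent_id):  # constructed: succeeds once, then fails
        nonlocal calls
        calls += 1
        if calls > 1:
            raise ConnectionResetError("transient network failure")
    task = asyncio.create_task(poll_agent("agent-1", flaky_challenge, store, rounds=5))
    if supervised:
        supervise(task, "agent-1", store)
    await asyncio.wait([task])  # waits for the task without retrieving its exception
    await asyncio.sleep(0)      # let done-callbacks run
    return store

def run_demo(supervised):
    return asyncio.run(demo(supervised))

if __name__ == "__main__":
    print(run_demo(False).state, run_demo(True).state)
```

Without the supervisor the last written state survives the task's death, so a status query still reads "attested"; `stale_agents` catches that case from the timestamp alone, which is why it is worth running separately from the polling code.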
Comment 10 Alberto Planas Dominguez 2022-11-02 15:35:06 UTC
Already published: https://access.redhat.com/security/cve/CVE-2022-3500
Comment 13 Swamp Workflow Management 2022-11-23 20:23:42 UTC
SUSE-SU-2022:4204-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1204782
CVE References: CVE-2022-3500
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    keylime-6.3.2-150400.4.14.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    keylime-6.3.2-150400.4.14.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.