1213347 – (CVE-2023-3674) VUL-0: CVE-2023-3674: keylime: attestation failure when the quote's signature does not validate

Bug 1213347 (CVE-2023-3674) - VUL-0: CVE-2023-3674: keylime: attestation failure when the quote's signature does not validate

Summary: VUL-0: CVE-2023-3674: keylime: attestation failure when the quote's signature...

Status:	NEW

Alias:	CVE-2023-3674

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Alberto Planas Dominguez
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/372552/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2023-07-14 14:09 UTC by Robert Frohl
Modified:	2023-07-17 12:17 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Frohl 2023-07-14 14:09:59 UTC

CVE-2023-3674

The keylime attestation verifier fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log but not flag the device as being untrusted.

To exploit this bug, a non-privileged user would have to modify the keylime agent to create invalid quotes a could then use invalid measurement lists to hide the trust state of a system. He would then have to trick the administrator in using the user's modified keylime agent.

Upstream fix:
https://github.com/keylime/keylime/commit/95ce3d86bd2c53009108ffda2dcf553312d733db

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3674
https://bugzilla.redhat.com/show_bug.cgi?id=2222903