SB2022050459 - Improper access control in keylime



Published: May 4, 2022 Updated: May 7, 2026

Security Bulletin ID: SB2022050459
CSH Severity: High
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

High 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Improper access control (CVE-ID: CVE-2022-1053)

The vulnerability allows a remote attacker to bypass TPM-based attestation validation.

The vulnerability exists due to improper access control in registrar data handling when validating the EK and identity quote and validating the integrity quote. A remote attacker can provide mismatched AK and EK data to bypass TPM-based attestation validation.

The issue can break the chain of trust because the verifier may use an AK that was not validated, and exploitation is easier when validation occurs before the agent is added to the verifier.
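
The mismatch described above, as an added toy model (not Keylime code and not the vendor's fix): a verifier that trusts whichever AK accompanies the integrity quote, beside one that accepts only the AK the registrar validated against the EK. HMAC-SHA256 stands in for the TPM's AK signature so the example runs with the standard library, and all class names, function names and values are constructed.

```python
import hashlib
import hmac

# Toy model: HMAC-SHA256 stands in for a TPM AK signature (assumption made
# so this runs offline). Every name and value below is constructed.

def sign(ak: bytes, nonce: bytes, pcrs: bytes) -> bytes:
    return hmac.new(ak, nonce + pcrs, hashlib.sha256).digest()

class Registrar:
    """Holds, per agent, the AK that was validated against the agent's EK."""
    def __init__(self):
        self._records = {}

    def register(self, agent_id, ek, ak, ek_certified_aks):
        # Stand-in for the EK / identity-quote validation step: only an AK
        # that the EK's TPM vouches for is recorded.
        if ak not in ek_certified_aks:
            raise ValueError("AK is not bound to the presented EK")
        self._records[agent_id] = {"ek": ek, "ak": ak}

    def validated_ak(self, agent_id):
        return self._records[agent_id]["ak"]

def verify_quote_unbound(claimed_ak, nonce, pcrs, sig):
    """Flawed pattern: trust whatever AK accompanies the integrity quote."""
    return hmac.compare_digest(sign(claimed_ak, nonce, pcrs), sig)

def verify_quote_bound(registrar, agent_id, claimed_ak, nonce, pcrs, sig):
    """Hardened pattern: the quote must verify under the registrar's AK."""
    trusted_ak = registrar.validated_ak(agent_id)
    if not hmac.compare_digest(trusted_ak, claimed_ak):
        return False  # AK/EK mismatch: the chain of trust is broken
    return hmac.compare_digest(sign(trusted_ak, nonce, pcrs), sig)

def demo():
    tpm_ek, tpm_ak = b"constructed-ek", b"constructed-tpm-ak"
    other_ak = b"constructed-non-tpm-ak"  # never validated against the EK
    reg = Registrar()
    reg.register("agent-1", tpm_ek, tpm_ak, ek_certified_aks={tpm_ak})
    nonce, pcrs = b"nonce-123", b"pcr-digest"
    good = sign(tpm_ak, nonce, pcrs)
    swapped = sign(other_ak, nonce, pcrs)
    return {
        "unbound_accepts_swapped": verify_quote_unbound(other_ak, nonce, pcrs, swapped),
        "bound_accepts_swapped": verify_quote_bound(reg, "agent-1", other_ak, nonce, pcrs, swapped),
        "bound_accepts_genuine": verify_quote_bound(reg, "agent-1", tpm_ak, nonce, pcrs, good),
    }
```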


Remediation

Install the update from the vendor's website.