#VU69339 Error Handling in keylime - CVE-2022-3500
Published: November 15, 2022
Vulnerability identifier: #VU69339
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-3500
CWE-ID: CWE-388
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
keylime
keylime
Software vendor:
Keylime
Keylime
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling when treating system level failures, such as network driver crash, causing the verifier component to quit and not recover. The verifier's state machine remains in "verified" state and the associated database is no longer updated for this agent.
Remediation
Install updates from vendor's website.