CVE-2021-43310

A vulnerability in Keylime before 6.3.0 allows an attacker to craft a request to the agent that resets the U and V keys as if the agent were being re-added to a verifier. This could lead to a remote code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Affected Products (NVD)
VendorProductVersion
keylimekeylime
𝑥
< 6.3.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
keylime
bionic
dne
focal
dne
jammy
dne
trusty
dne
xenial
dne
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
keylime-agent
suse enterprise desktop 15 SP4
6.3.0-150400.2.5
fixed
suse enterprise desktop 15 SP5
6.3.2-150400.4.14.1
fixed
suse enterprise desktop 15 SP6
6.3.2-150400.4.20.1
fixed
suse enterprise desktop 15 SP7
6.3.2-150400.4.20.1
fixed
suse enterprise sap 15 SP4
6.3.0-150400.2.5
fixed
suse enterprise sap 15 SP5
6.3.2-150400.4.14.1
fixed
suse enterprise sap 15 SP6
6.3.2-150400.4.20.1
fixed
suse enterprise sap 15 SP7
6.3.2-150400.4.20.1
fixed
suse enterprise server 15 SP4
6.3.0-150400.2.5
fixed
suse enterprise server 15 SP5
6.3.2-150400.4.14.1
fixed
suse enterprise server 15 SP6
6.3.2-150400.4.20.1
fixed
suse enterprise server 15 SP7
6.3.2-150400.4.20.1
fixed
keylime-config
suse enterprise desktop 15 SP4
6.3.0-150400.2.5
fixed
suse enterprise desktop 15 SP5
6.3.2-150400.4.14.1
fixed
suse enterprise desktop 15 SP6
6.3.2-150400.4.20.1
fixed
suse enterprise desktop 15 SP7
6.3.2-150400.4.20.1
fixed
suse enterprise sap 15 SP4
6.3.0-150400.2.5
fixed
suse enterprise sap 15 SP5
6.3.2-150400.4.14.1
fixed
suse enterprise sap 15 SP6
6.3.2-150400.4.20.1
fixed
suse enterprise sap 15 SP7
6.3.2-150400.4.20.1
fixed
suse enterprise server 15 SP4
6.3.0-150400.2.5
fixed
suse enterprise server 15 SP5
6.3.2-150400.4.14.1
fixed
suse enterprise server 15 SP6
6.3.2-150400.4.20.1
fixed
suse enterprise server 15 SP7
6.3.2-150400.4.20.1
fixed
keylime-firewalld
suse enterprise desktop 15 SP4
6.3.0-150400.2.5
fixed
suse enterprise desktop 15 SP5
6.3.2-150400.4.14.1
fixed
suse enterprise desktop 15 SP6
6.3.2-150400.4.20.1
fixed
suse enterprise desktop 15 SP7
6.3.2-150400.4.20.1
fixed
suse enterprise sap 15 SP4
6.3.0-150400.2.5
fixed
suse enterprise sap 15 SP5
6.3.2-150400.4.14.1
fixed
suse enterprise sap 15 SP6
6.3.2-150400.4.20.1
fixed
suse enterprise sap 15 SP7
6.3.2-150400.4.20.1
fixed
suse enterprise server 15 SP4
6.3.0-150400.2.5
fixed
suse enterprise server 15 SP5
6.3.2-150400.4.14.1
fixed
suse enterprise server 15 SP6
6.3.2-150400.4.20.1
fixed
suse enterprise server 15 SP7
6.3.2-150400.4.20.1
fixed
keylime-logrotate
suse enterprise desktop 15 SP5
6.3.2-150400.4.14.1
fixed
suse enterprise desktop 15 SP6
6.3.2-150400.4.20.1
fixed
suse enterprise desktop 15 SP7
6.3.2-150400.4.20.1
fixed
suse enterprise sap 15 SP5
6.3.2-150400.4.14.1
fixed
suse enterprise sap 15 SP6
6.3.2-150400.4.20.1
fixed
suse enterprise sap 15 SP7
6.3.2-150400.4.20.1
fixed
suse enterprise server 15 SP5
6.3.2-150400.4.14.1
fixed
suse enterprise server 15 SP6
6.3.2-150400.4.20.1
fixed
suse enterprise server 15 SP7
6.3.2-150400.4.20.1
fixed
keylime-registrar
suse enterprise desktop 15 SP4
6.3.0-150400.2.5
fixed
suse enterprise desktop 15 SP5
6.3.2-150400.4.14.1
fixed
suse enterprise desktop 15 SP6
6.3.2-150400.4.20.1
fixed
suse enterprise desktop 15 SP7
6.3.2-150400.4.20.1
fixed
suse enterprise sap 15 SP4
6.3.0-150400.2.5
fixed
suse enterprise sap 15 SP5
6.3.2-150400.4.14.1
fixed
suse enterprise sap 15 SP6
6.3.2-150400.4.20.1
fixed
suse enterprise sap 15 SP7
6.3.2-150400.4.20.1
fixed
suse enterprise server 15 SP4
6.3.0-150400.2.5
fixed
suse enterprise server 15 SP5
6.3.2-150400.4.14.1
fixed
suse enterprise server 15 SP6
6.3.2-150400.4.20.1
fixed
suse enterprise server 15 SP7
6.3.2-150400.4.20.1
fixed
keylime-tpm_cert_store
suse enterprise desktop 15 SP4
6.3.0-150400.2.5
fixed
suse enterprise desktop 15 SP5
6.3.2-150400.4.14.1
fixed
suse enterprise desktop 15 SP6
6.3.2-150400.4.20.1
fixed
suse enterprise desktop 15 SP7
6.3.2-150400.4.20.1
fixed
suse enterprise sap 15 SP4
6.3.0-150400.2.5
fixed
suse enterprise sap 15 SP5
6.3.2-150400.4.14.1
fixed
suse enterprise sap 15 SP6
6.3.2-150400.4.20.1
fixed
suse enterprise sap 15 SP7
6.3.2-150400.4.20.1
fixed
suse enterprise server 15 SP4
6.3.0-150400.2.5
fixed
suse enterprise server 15 SP5
6.3.2-150400.4.14.1
fixed
suse enterprise server 15 SP6
6.3.2-150400.4.20.1
fixed
suse enterprise server 15 SP7
6.3.2-150400.4.20.1
fixed
keylime-verifier
suse enterprise desktop 15 SP4
6.3.0-150400.2.5
fixed
suse enterprise desktop 15 SP5
6.3.2-150400.4.14.1
fixed
suse enterprise desktop 15 SP6
6.3.2-150400.4.20.1
fixed
suse enterprise desktop 15 SP7
6.3.2-150400.4.20.1
fixed
suse enterprise sap 15 SP4
6.3.0-150400.2.5
fixed
suse enterprise sap 15 SP5
6.3.2-150400.4.14.1
fixed
suse enterprise sap 15 SP6
6.3.2-150400.4.20.1
fixed
suse enterprise sap 15 SP7
6.3.2-150400.4.20.1
fixed
suse enterprise server 15 SP4
6.3.0-150400.2.5
fixed
suse enterprise server 15 SP5
6.3.2-150400.4.14.1
fixed
suse enterprise server 15 SP6
6.3.2-150400.4.20.1
fixed
suse enterprise server 15 SP7
6.3.2-150400.4.20.1
fixed
python3-keylime
suse enterprise desktop 15 SP4
6.3.0-150400.2.5
fixed
suse enterprise desktop 15 SP5
6.3.2-150400.4.14.1
fixed
suse enterprise desktop 15 SP6
6.3.2-150400.4.20.1
fixed
suse enterprise desktop 15 SP7
6.3.2-150400.4.20.1
fixed
suse enterprise sap 15 SP4
6.3.0-150400.2.5
fixed
suse enterprise sap 15 SP5
6.3.2-150400.4.14.1
fixed
suse enterprise sap 15 SP6
6.3.2-150400.4.20.1
fixed
suse enterprise sap 15 SP7
6.3.2-150400.4.20.1
fixed
suse enterprise server 15 SP4
6.3.0-150400.2.5
fixed
suse enterprise server 15 SP5
6.3.2-150400.4.14.1
fixed
suse enterprise server 15 SP6
6.3.2-150400.4.20.1
fixed
suse enterprise server 15 SP7
6.3.2-150400.4.20.1
fixed
Common Weakness Enumeration
References
https://github.com/keylime/keylime/security/advisories/GHSA-2m39-75g9-ff5r
https://seclists.org/oss-sec/2022/q1/101
https://github.com/keylime/keylime/security/advisories/GHSA-2m39-75g9-ff5r
https://seclists.org/oss-sec/2022/q1/101