https://bugzilla.suse.com/show_bug.cgi?id=1199253 Bug ID: 1199253 Summary: VUL-0: CVE-2022-1053: keylime: Tenant and Verifier might not use the same registrar data Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.4 Hardware: Other URL: https://smash.suse.de/issue/330814/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: aplanas@suse.com Reporter: cathy.hu@suse.com QA Contact: security-team@suse.de Found By: Security Response Team Blocker: --- rh#2065024 Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote. This allows an attacker to use one AK, EK pair from a real TPM to pass EK validation and give the verifier an AK of a software TPM. Affects all versions of Keylime <6.4.0 References: https://bugzilla.redhat.com/show_bug.cgi?id=2065024 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1053 -- You are receiving this mail because: You are on the CC list for the bug.