A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity.
Information Disclosure
Keylime
Fedora
NVD
GitHub
CVSS 3.1
2.8
EPSS
0.2%