CVE-2022-3500

MEDIUM
Published Nov 22, 2022 (3y ago) · Modified Jun 17, 2026 (2w ago)
5.1 CVSS 3.1

Description

A vulnerability was found in keylime. In some circumstances, improperly handled exceptions make it possible for a rogue agent to create errors on the verifier that stop attestation attempts for that host, leaving the host in an attested state that is no longer being verified.

CVSS Details

Base Score 5.1
Exploitability 1.4
Impact 3.6
Vector string CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity High
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-248

Affected Products 5

Vendor         Product           Version  Range
keylime        keylime           *        <6.5.1
redhat         enterprise_linux  9.0      any
fedoraproject  fedora            35       any
fedoraproject  fedora            36       any
fedoraproject  fedora            37       any

References 5

  • access.redhat.com https://access.redhat.com/security/cve/CVE-2022-3500
    Third Party Advisory
  • github.com https://github.com/keylime/keylime/pull/1128
    Issue Tracking, Patch, Third Party Advisory
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PUTHMDVFNGGVPCNPOGULMJAAFEP7MEXP/
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QX4XVCAUFGJ2I2NCTOKONTJGRJB2NBBT/
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQH5CJRX65QYMQN5WGUKKKE3IRJBWG5Z/

Remediation

  • github.com https://github.com/keylime/keylime/pull/1128
    Issue Tracking, Patch, Third Party Advisory