漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Keylime: attestation failure when the quote's signature does not validate
Vulnerability Description
A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
CWE-1283
Vulnerability Title
Keylime 安全漏洞
Vulnerability Description
Keylime是Keylime的一个利用 TPM 技术的开源可扩展信任系统。 keylime存在安全漏洞,该漏洞源于keylime验证程序无法将设备提交的TPM quote标记为有错误。
CVSS Information
N/A
Vulnerability Type
N/A