CVE-2023-3674
LowCVSS 2.3Exploitation Probability (EPSS)
Low risk10th percentile — higher than 10% of all known CVEs
Summary
A flaw was found in the Keylime attestation verifier, which fails to flag a device as untrusted when the TPM quote's signature does not validate. Instead, it only logs an error.
Risk Assessment
The organization may be at risk as devices with invalid signatures could be treated as trusted, leading to potential security vulnerabilities.
Recommendation
It is recommended to update the Keylime verifier and monitor logs for potential issues with TPM signatures.
Original NVD description (English source)
A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted.

