CWE-1283
Mutable Attestation or Measurement Reporting Data
The register contents used for attestation or measurement reporting data to verify boot flow are modifiable by an adversary.
CVE-2023-3674 (GCVE-0-2023-3674)
Vulnerability from cvelistv5
Published
2023-07-19 18:25
Modified
2025-11-21 05:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1283 - Mutable Attestation or Measurement Reporting Data
Summary
A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected: 0:7.3.0-13.el9_3 < * cpe:/a:redhat:enterprise_linux:9::appstream |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:57.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:1139",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1139"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3674"
},
{
"name": "RHBZ#2222903",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222903"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/keylime/keylime/commit/95ce3d86bd2c53009108ffda2dcf553312d733db"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3674",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T19:58:02.803515Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T19:58:49.518Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "keylime",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:7.3.0-13.el9_3",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Stefan Berger (IBM) for reporting this issue."
}
],
"datePublic": "2023-07-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the keylime attestation verifier, which fails to flag a device\u0027s submitted TPM quote as faulty when the quote\u0027s signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1283",
"description": "Mutable Attestation or Measurement Reporting Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T05:59:49.417Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:1139",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1139"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3674"
},
{
"name": "RHBZ#2222903",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222903"
},
{
"url": "https://github.com/keylime/keylime/commit/95ce3d86bd2c53009108ffda2dcf553312d733db"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-07-14T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-07-12T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Keylime: attestation failure when the quote\u0027s signature does not validate",
"x_redhatCweChain": "CWE-1283: Mutable Attestation or Measurement Reporting Data"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-3674",
"datePublished": "2023-07-19T18:25:28.581Z",
"dateReserved": "2023-07-14T12:39:01.155Z",
"dateUpdated": "2025-11-21T05:59:49.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-29038 (GCVE-0-2024-29038)
Vulnerability from cvelistv5
Published
2024-06-28 13:44
Modified
2025-11-04 17:19
Severity ?
VLAI Severity ?
EPSS score ?
Summary
tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by `tpm2 checkquote`. This issue was patched in version 5.7.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tpm2-software | tpm2-tools |
Version: >= 4.1-rc0, < 5.7 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29038",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-28T14:26:41.987195Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T14:26:47.695Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:19:44.720Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/tpm2-software/tpm2-tools/security/advisories/GHSA-5495-c38w-gr6f",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tpm2-software/tpm2-tools/security/advisories/GHSA-5495-c38w-gr6f"
},
{
"name": "https://github.com/tpm2-software/tpm2-tools/releases/tag/5.7",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tpm2-software/tpm2-tools/releases/tag/5.7"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GI4JFEZBKQQUPJ4RWK6IHEWXAFCEJDPI/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFR7SVEWCOXORHPCLLGXEMHFMIGG2MFE/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "tpm2-tools",
"vendor": "tpm2-software",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.1-rc0, \u003c 5.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by `tpm2 checkquote`. This issue was patched in version 5.7."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1283",
"description": "CWE-1283: Mutable Attestation or Measurement Reporting Data",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1390",
"description": "CWE-1390: Weak Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T13:44:07.035Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tpm2-software/tpm2-tools/security/advisories/GHSA-5495-c38w-gr6f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tpm2-software/tpm2-tools/security/advisories/GHSA-5495-c38w-gr6f"
},
{
"name": "https://github.com/tpm2-software/tpm2-tools/releases/tag/5.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tpm2-software/tpm2-tools/releases/tag/5.7"
}
],
"source": {
"advisory": "GHSA-5495-c38w-gr6f",
"discovery": "UNKNOWN"
},
"title": "tpm2 does not detect if quote was not generated by TPM"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-29038",
"datePublished": "2024-06-28T13:44:07.035Z",
"dateReserved": "2024-03-14T16:59:47.613Z",
"dateUpdated": "2025-11-04T17:19:44.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Architecture and Design
Description:
- Measurement data should be stored in registers that are read-only or otherwise have access controls that prevent modification by an untrusted agent.
CAPEC-680: Exploitation of Improperly Controlled Registers
An adversary exploits missing or incorrectly configured access control within registers to read/write data that is not meant to be obtained or modified by a user.