CVE-2026-6420 (GCVE-0-2026-6420)
Vulnerability from cvelistv5 – Published: 2026-05-06 10:19 – Updated: 2026-06-24 01:55 – CWE-1241 - Use of Predictable Algorithm in Random Number Generator
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:28582 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2026-6420 | vdb-entry, x_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2458889 | issue-tracking, x_refsource_REDHAT |
| Vendor | Product | Version | CPE |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 | Unaffected: 0:7.14.1-5.el10_2.1 , < * (rpm) | cpe:/o:redhat:enterprise_linux:10.2 |
| Red Hat | Red Hat Enterprise Linux 9 | | cpe:/o:redhat:enterprise_linux:9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6420",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-06T13:54:45.881598Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T15:24:21.052Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"packageName": "keylime",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:7.14.1-5.el10_2.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "keylime",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Keylime developers for reporting this issue."
}
],
"datePublic": "2026-05-06T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module (TPM) quote attestation instead of a cryptographically random value. This allows the attacker to stockpile valid TPM quotes and replay them to evade detection after compromising the system. This issue affects only the push model deployment."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1241",
"description": "Use of Predictable Algorithm in Random Number Generator",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T01:55:59.591Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2026:28582",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28582"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-6420"
},
{
"name": "RHBZ#2458889",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458889"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-16T06:01:38.993Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-05-06T10:00:00.000Z",
"value": "Made public."
}
],
"title": "Keylime: keylime: security bypass due to hardcoded tpm quote nonce",
"workarounds": [
{
"lang": "en",
"value": "Primary fix (one-line change in keylime/models/verifier/evidence.py):\nBefore (vulnerable):\ndef generate_challenge(self, bit_length):\n\nself.challenge = Nonce.generate(bit_length)\n self.challenge = bytes.fromhex(\"49beed365aac777dae23564f5ad0ec\")\n\nAfter (fixed):\ndef generate_challenge(self, bit_length):\nself.challenge = Nonce.generate(bit_length)\n\nExisting partial mitigations (already active):\n\n1. TPM clock monotonicity check: limits each quote to one replay.\n2. Push attestation timeout (default 10s): constrains the quote generation window, but TPM throughput allows 50-200 quotes to be stockpiled in that time."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-1241: Use of Predictable Algorithm in Random Number Generator"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-6420",
"datePublished": "2026-05-06T10:19:39.121Z",
"dateReserved": "2026-04-16T06:03:46.656Z",
"dateUpdated": "2026-06-24T01:55:59.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-6420",
"date": "2026-07-04",
"epss": "0.00121",
"percentile": "0.02234"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-6420\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2026-05-06T11:16:05.193\",\"lastModified\":\"2026-06-24T03:16:24.810\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module (TPM) quote attestation instead of a cryptographically random value. This allows the attacker to stockpile valid TPM quotes and replay them to evade detection after compromising the system. This issue affects only the push model deployment.\"}],\"affected\":[{\"source\":\"secalert@redhat.com\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 10\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"keylime\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10.2\"],\"versions\":[{\"version\":\"0:7.14.1-5.el10_2.1\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 
9\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"keylime\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:9\"]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":0.8,\"impactScore\":5.5}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-05-06T13:54:45.881598Z\",\"id\":\"CVE-2026-6420\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1241\"}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28582\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-6420\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2458889\",\"source\":\"secalert@redhat.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-6420\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-06T13:54:45.881598Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-06T13:54:49.240Z\"}}], \"cna\": {\"title\": \"Keylime: keylime: security bypass due to hardcoded tpm quote nonce\", \"credits\": [{\"lang\": \"en\", \"value\": \"Red Hat would like to thank Keylime developers for reporting this issue.\"}], \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Moderate\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.3, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10.2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:7.14.1-5.el10_2.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"keylime\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"packageName\": \"keylime\", \"collectionURL\": 
\"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-04-16T06:01:38.993Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2026-05-06T10:00:00.000Z\", \"value\": \"Made public.\"}], \"datePublic\": \"2026-05-06T10:00:00.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2026:28582\", \"name\": \"RHSA-2026:28582\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2026-6420\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2458889\", \"name\": \"RHBZ#2458889\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Primary fix (one-line change in keylime/models/verifier/evidence.py):\\nBefore (vulnerable):\\ndef generate_challenge(self, bit_length):\\n\\nself.challenge = Nonce.generate(bit_length)\\n self.challenge = bytes.fromhex(\\\"49beed365aac777dae23564f5ad0ec\\\")\\n\\nAfter (fixed):\\ndef generate_challenge(self, bit_length):\\nself.challenge = Nonce.generate(bit_length)\\n\\nExisting partial mitigations (already active):\\n\\n1. TPM clock monotonicity check: limits each quote to one replay.\\n2. Push attestation timeout (default 10s): constrains the quote generation window, but TPM throughput allows 50-200 quotes to be stockpiled in that time.\"}], \"x_generator\": {\"engine\": \"cvelib 1.8.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module (TPM) quote attestation instead of a cryptographically random value. 
This allows the attacker to stockpile valid TPM quotes and replay them to evade detection after compromising the system. This issue affects only the push model deployment.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1241\", \"description\": \"Use of Predictable Algorithm in Random Number Generator\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2026-06-24T01:55:59.591Z\"}, \"x_redhatCweChain\": \"CWE-1241: Use of Predictable Algorithm in Random Number Generator\"}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-6420\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-24T01:55:59.591Z\", \"dateReserved\": \"2026-04-16T06:03:46.656Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2026-05-06T10:19:39.121Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-6420
Vulnerability from fkie_nvd - Published: 2026-05-06 11:16 - Updated: 2026-06-24 03:16
| Vendor | Product | Version |
|---|---|---|
{
"affected": [
{
"affectedData": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"packageName": "keylime",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:7.14.1-5.el10_2.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "keylime",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"source": "secalert@redhat.com"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module (TPM) quote attestation instead of a cryptographically random value. This allows the attacker to stockpile valid TPM quotes and replay them to evade detection after compromising the system. This issue affects only the push model deployment."
}
],
"id": "CVE-2026-6420",
"lastModified": "2026-06-24T03:16:24.810",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.5,
"source": "secalert@redhat.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-6420",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-06T13:54:45.881598Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-05-06T11:16:05.193",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2026:28582"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/security/cve/CVE-2026-6420"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458889"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1241"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
}
]
}
GHSA-Q8W6-W55C-CCV5
Vulnerability from github – Published: 2026-05-11 14:42 – Updated: 2026-05-11 14:42
CVE-2026-6420: Hardcoded attestation challenge nonce allows replay attacks
Impact
The CertificationParameters.generate_challenge() method in the push attestation protocol uses a hardcoded challenge nonce instead of generating a cryptographically random value. This removes the nonce-based replay protection from TPM quote attestation.
An attacker with root access on a monitored agent node can exploit this by stockpiling valid TPM quotes (using tpm2_quote with the known nonce) before compromising the system, then replaying them to evade detection by the verifier. The push attestation timeout (~10s) constrains the generation window, but TPM throughput allows stockpiling ~50-200 quotes, enabling approximately 8-33 minutes of undetected compromise with default settings.
The attack is limited to a single agent node (AK signature binding prevents cross-agent replay). The pull-mode (legacy) attestation path is not affected.
Affected versions: >= 7.14.0, <= 7.14.1
CVSS: 6.3 Medium (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L)
| Metric | Value | Rationale |
|---|---|---|
| AV | Local | Exploitation requires local access to the agent machine (stop agent, access TPM, run replacement). The network transmission of quotes to the verifier is normal protocol operation. |
| AC | Low | Deterministic attack: publicly visible nonce, standard tpm2-tools, no race conditions. |
| PR | High | Root on a legitimate enrolled node is required. The vulnerability does not help gain access -- it only helps evade detection after root is obtained. No value against a machine the attacker already controls. |
| UI | None | Fully automated after initial setup. |
| S | Unchanged | AK signature binding confines impact to the single compromised agent. |
| C | High | Compromised node continues receiving bootstrap keys, payloads, and secrets intended for trusted nodes. |
| I | High | Verifier cannot distinguish a healthy system from a fully compromised one during the evasion window. |
| A | Low | Only the compromised agent's revocation and incident response are suppressed; the system as a whole remains operational. |
The base score does not fully capture the operational severity: Keylime exists to detect machine compromise, so 8-33 minutes of undetected compromise is operationally critical. The fix is a one-line change and should be applied immediately regardless of the base score.
Patches
The fix restores the original random nonce generation (one-line change in keylime/models/verifier/evidence.py):
```python
# Before (vulnerable):
def generate_challenge(self, bit_length):
    # self.challenge = Nonce.generate(bit_length)
    self.challenge = bytes.fromhex("49beed365aac777dae23564f5ad0ec")

# After (fixed):
def generate_challenge(self, bit_length):
    self.challenge = Nonce.generate(bit_length)
```
Users should upgrade to the version containing this fix (7.14.2).
Workarounds
There is no complete workaround. The following existing mechanisms provide partial mitigation and are already active by default (no configuration needed):
- TPM clock monotonicity check limits each distinct stockpiled quote to a single use, bounding the total evasion time.
- Push attestation timeout (default 10s) prevents the attacker from going silent and constrains the quote generation window.
Reducing quote_interval increases the attestation frequency but does not prevent the stockpiling attack.
References
- CWE-329: Generation of Predictable IV/Nonce (primary -- hardcoded nonce in cryptographic attestation protocol)
- CWE-547: Use of Hard-Coded, Security-relevant Constants (hardcoded constant left in production code)
- CWE-294: Authentication Bypass by Capture-replay (consequence -- enables replay attacks)
- CWE-1241: Use of Predictable Algorithm in Random Number Generator
- Introducing commit: 2bf91197 via PR #1814
- TCG TPM 2.0 Library Specification, Part 1, Section 18.4 (TPM2_Quote)
- IETF RATS Architecture (RFC 9334), Section 8 (Freshness)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 7.14.1"
},
"package": {
"ecosystem": "PyPI",
"name": "keylime"
},
"ranges": [
{
"events": [
{
"introduced": "7.14.0"
},
{
"fixed": "7.14.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-6420"
],
"database_specific": {
"cwe_ids": [
"CWE-1241",
"CWE-294",
"CWE-329",
"CWE-547"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-11T14:42:46Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "## CVE-2026-6420: Hardcoded attestation challenge nonce allows replay attacks\n\n### Impact\n\nThe `CertificationParameters.generate_challenge()` method in the push attestation protocol uses a hardcoded challenge nonce instead of generating a cryptographically random value. This removes the nonce-based replay protection from TPM quote attestation.\n\nAn attacker with root access on a monitored agent node can exploit this by stockpiling valid TPM quotes (using `tpm2_quote` with the known nonce) before compromising the system, then replaying them to evade detection by the verifier. The push attestation timeout (~10s) constrains the generation window, but TPM throughput allows stockpiling ~50-200 quotes, enabling approximately 8-33 minutes of undetected compromise with default settings.\n\nThe attack is limited to a single agent node (AK signature binding prevents cross-agent replay). The pull-mode (legacy) attestation path is not affected.\n\n**Affected versions:** \u003e= 7.14.0, \u003c= 7.14.1\n\n**CVSS:** 6.3 Medium (`CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L`)\n\n| Metric | Value | Rationale |\n|---|---|---|\n| AV | Local | Exploitation requires local access to the agent machine (stop agent, access TPM, run replacement). The network transmission of quotes to the verifier is normal protocol operation. |\n| AC | Low | Deterministic attack: publicly visible nonce, standard `tpm2-tools`, no race conditions. |\n| PR | High | Root on a legitimate enrolled node is required. The vulnerability does not help gain access -- it only helps evade detection after root is obtained. No value against a machine the attacker already controls. |\n| UI | None | Fully automated after initial setup. |\n| S | Unchanged | AK signature binding confines impact to the single compromised agent. |\n| C | High | Compromised node continues receiving bootstrap keys, payloads, and secrets intended for trusted nodes. 
|\n| I | High | Verifier cannot distinguish a healthy system from a fully compromised one during the evasion window. |\n| A | Low | Only the compromised agent\u0027s revocation and incident response are suppressed; the system as a whole remains operational. |\n\nThe base score does not fully capture the operational severity: Keylime exists to detect machine compromise, so 8-33 minutes of undetected compromise is operationally critical. The fix is a one-line change and should be applied immediately regardless of the base score.\n\n### Patches\n\nThe fix restores the original random nonce generation (one-line change in `keylime/models/verifier/evidence.py`):\n\n```python\n# Before (vulnerable):\ndef generate_challenge(self, bit_length):\n # self.challenge = Nonce.generate(bit_length)\n self.challenge = bytes.fromhex(\"49beed365aac777dae23564f5ad0ec\")\n\n# After (fixed):\ndef generate_challenge(self, bit_length):\n self.challenge = Nonce.generate(bit_length)\n```\n\nUsers should upgrade to the version containing this fix (7.14.2).\n\n### Workarounds\n\nThere is no complete workaround. The following existing mechanisms provide partial mitigation and are already active by default (no configuration needed):\n\n1. **TPM clock monotonicity check** limits each distinct stockpiled quote to a single use, bounding the total evasion time.\n2. 
**Push attestation timeout** (default 10s) prevents the attacker from going silent and constrains the quote generation window.\n\nReducing `quote_interval` increases the attestation frequency but does not prevent the stockpiling attack.\n\n### References\n\n- CWE-329: Generation of Predictable IV/Nonce (primary -- hardcoded nonce in cryptographic attestation protocol)\n- CWE-547: Use of Hard-Coded, Security-relevant Constants (hardcoded constant left in production code)\n- CWE-294: Authentication Bypass by Capture-replay (consequence -- enables replay attacks)\n- CWE-1241: Use of Predictable Algorithm in Random Number Generator\n- Introducing commit: [`2bf91197`](https://github.com/keylime/keylime/commit/2bf91197) via [PR #1814](https://github.com/keylime/keylime/pull/1814)\n- TCG TPM 2.0 Library Specification, Part 1, Section 18.4 (TPM2_Quote)\n- IETF RATS Architecture (RFC 9334), Section 8 (Freshness)",
"id": "GHSA-q8w6-w55c-ccv5",
"modified": "2026-05-11T14:42:46Z",
"published": "2026-05-11T14:42:46Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/keylime/keylime/security/advisories/GHSA-q8w6-w55c-ccv5"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6420"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-6420"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458889"
},
{
"type": "PACKAGE",
"url": "https://github.com/keylime/keylime"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
}
],
"summary": "Keylime has a hardcoded attestation challenge nonce that allows replay attacks"
}
GHSA-WC6P-4GWJ-JCR8
Vulnerability from github – Published: 2026-05-06 12:30 – Updated: 2026-06-24 03:30
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-q8w6-w55c-ccv5. This link is maintained to preserve external references.
Original Description
A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module (TPM) quote attestation instead of a cryptographically random value. This allows the attacker to stockpile valid TPM quotes and replay them to evade detection after compromising the system. This issue affects only the push model deployment.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 7.14.1"
},
"package": {
"ecosystem": "PyPI",
"name": "keylime"
},
"ranges": [
{
"events": [
{
"introduced": "7.14.0"
},
{
"fixed": "7.14.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-1241"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-11T14:08:50Z",
"nvd_published_at": "2026-05-06T11:16:05Z",
"severity": "MODERATE"
},
"details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-q8w6-w55c-ccv5. This link is maintained to preserve external references.\n\n### Original Description\nA flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module (TPM) quote attestation instead of a cryptographically random value. This allows the attacker to stockpile valid TPM quotes and replay them to evade detection after compromising the system. This issue affects only the push model deployment.",
"id": "GHSA-wc6p-4gwj-jcr8",
"modified": "2026-06-24T03:30:34Z",
"published": "2026-05-06T12:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6420"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:28582"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-6420"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458889"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
}
],
"summary": "Duplicate Advisory: Keylime has a hardcoded attestation challenge nonce that allows replay attacks",
"withdrawn": "2026-05-11T14:08:50Z"
}
OPENSUSE-SU-2026:10779-1
Vulnerability from csaf_opensuse - Published: 2026-05-14 00:00 - Updated: 2026-05-14 00:00
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:keylime-config-7.14.2-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:keylime-config-7.14.2-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:keylime-config-7.14.2-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:keylime-config-7.14.2-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:keylime-firewalld-7.14.2-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:keylime-firewalld-7.14.2-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:keylime-firewalld-7.14.2-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:keylime-firewalld-7.14.2-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:keylime-logrotate-7.14.2-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:keylime-logrotate-7.14.2-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:keylime-logrotate-7.14.2-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:keylime-logrotate-7.14.2-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:keylime-registrar-7.14.2-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:keylime-registrar-7.14.2-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:keylime-registrar-7.14.2-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:keylime-registrar-7.14.2-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:keylime-tenant-7.14.2-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:keylime-tenant-7.14.2-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:keylime-tenant-7.14.2-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:keylime-tenant-7.14.2-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:keylime-tpm_cert_store-7.14.2-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:keylime-tpm_cert_store-7.14.2-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:keylime-tpm_cert_store-7.14.2-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:keylime-tpm_cert_store-7.14.2-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:keylime-verifier-7.14.2-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:keylime-verifier-7.14.2-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:keylime-verifier-7.14.2-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:keylime-verifier-7.14.2-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-keylime-7.14.2-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-keylime-7.14.2-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-keylime-7.14.2-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-keylime-7.14.2-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-keylime-7.14.2-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-keylime-7.14.2-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-keylime-7.14.2-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-keylime-7.14.2-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python314-keylime-7.14.2-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python314-keylime-7.14.2-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python314-keylime-7.14.2-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python314-keylime-7.14.2-1.1.x86_64 | — | | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "keylime-config-7.14.2-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the keylime-config-7.14.2-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10779",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10779-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-6420 page",
"url": "https://www.suse.com/security/cve/CVE-2026-6420/"
}
],
"title": "keylime-config-7.14.2-1.1 on GA media",
"tracking": {
"current_release_date": "2026-05-14T00:00:00Z",
"generator": {
"date": "2026-05-14T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10779-1",
"initial_release_date": "2026-05-14T00:00:00Z",
"revision_history": [
{
"date": "2026-05-14T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "keylime-config-7.14.2-1.1.aarch64",
"product": {
"name": "keylime-config-7.14.2-1.1.aarch64",
"product_id": "keylime-config-7.14.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "keylime-firewalld-7.14.2-1.1.aarch64",
"product": {
"name": "keylime-firewalld-7.14.2-1.1.aarch64",
"product_id": "keylime-firewalld-7.14.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "keylime-logrotate-7.14.2-1.1.aarch64",
"product": {
"name": "keylime-logrotate-7.14.2-1.1.aarch64",
"product_id": "keylime-logrotate-7.14.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "keylime-registrar-7.14.2-1.1.aarch64",
"product": {
"name": "keylime-registrar-7.14.2-1.1.aarch64",
"product_id": "keylime-registrar-7.14.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "keylime-tenant-7.14.2-1.1.aarch64",
"product": {
"name": "keylime-tenant-7.14.2-1.1.aarch64",
"product_id": "keylime-tenant-7.14.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "keylime-tpm_cert_store-7.14.2-1.1.aarch64",
"product": {
"name": "keylime-tpm_cert_store-7.14.2-1.1.aarch64",
"product_id": "keylime-tpm_cert_store-7.14.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "keylime-verifier-7.14.2-1.1.aarch64",
"product": {
"name": "keylime-verifier-7.14.2-1.1.aarch64",
"product_id": "keylime-verifier-7.14.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-keylime-7.14.2-1.1.aarch64",
"product": {
"name": "python311-keylime-7.14.2-1.1.aarch64",
"product_id": "python311-keylime-7.14.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-keylime-7.14.2-1.1.aarch64",
"product": {
"name": "python313-keylime-7.14.2-1.1.aarch64",
"product_id": "python313-keylime-7.14.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python314-keylime-7.14.2-1.1.aarch64",
"product": {
"name": "python314-keylime-7.14.2-1.1.aarch64",
"product_id": "python314-keylime-7.14.2-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-config-7.14.2-1.1.ppc64le",
"product": {
"name": "keylime-config-7.14.2-1.1.ppc64le",
"product_id": "keylime-config-7.14.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "keylime-firewalld-7.14.2-1.1.ppc64le",
"product": {
"name": "keylime-firewalld-7.14.2-1.1.ppc64le",
"product_id": "keylime-firewalld-7.14.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "keylime-logrotate-7.14.2-1.1.ppc64le",
"product": {
"name": "keylime-logrotate-7.14.2-1.1.ppc64le",
"product_id": "keylime-logrotate-7.14.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "keylime-registrar-7.14.2-1.1.ppc64le",
"product": {
"name": "keylime-registrar-7.14.2-1.1.ppc64le",
"product_id": "keylime-registrar-7.14.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "keylime-tenant-7.14.2-1.1.ppc64le",
"product": {
"name": "keylime-tenant-7.14.2-1.1.ppc64le",
"product_id": "keylime-tenant-7.14.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "keylime-tpm_cert_store-7.14.2-1.1.ppc64le",
"product": {
"name": "keylime-tpm_cert_store-7.14.2-1.1.ppc64le",
"product_id": "keylime-tpm_cert_store-7.14.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "keylime-verifier-7.14.2-1.1.ppc64le",
"product": {
"name": "keylime-verifier-7.14.2-1.1.ppc64le",
"product_id": "keylime-verifier-7.14.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-keylime-7.14.2-1.1.ppc64le",
"product": {
"name": "python311-keylime-7.14.2-1.1.ppc64le",
"product_id": "python311-keylime-7.14.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-keylime-7.14.2-1.1.ppc64le",
"product": {
"name": "python313-keylime-7.14.2-1.1.ppc64le",
"product_id": "python313-keylime-7.14.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python314-keylime-7.14.2-1.1.ppc64le",
"product": {
"name": "python314-keylime-7.14.2-1.1.ppc64le",
"product_id": "python314-keylime-7.14.2-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-config-7.14.2-1.1.s390x",
"product": {
"name": "keylime-config-7.14.2-1.1.s390x",
"product_id": "keylime-config-7.14.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "keylime-firewalld-7.14.2-1.1.s390x",
"product": {
"name": "keylime-firewalld-7.14.2-1.1.s390x",
"product_id": "keylime-firewalld-7.14.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "keylime-logrotate-7.14.2-1.1.s390x",
"product": {
"name": "keylime-logrotate-7.14.2-1.1.s390x",
"product_id": "keylime-logrotate-7.14.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "keylime-registrar-7.14.2-1.1.s390x",
"product": {
"name": "keylime-registrar-7.14.2-1.1.s390x",
"product_id": "keylime-registrar-7.14.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "keylime-tenant-7.14.2-1.1.s390x",
"product": {
"name": "keylime-tenant-7.14.2-1.1.s390x",
"product_id": "keylime-tenant-7.14.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "keylime-tpm_cert_store-7.14.2-1.1.s390x",
"product": {
"name": "keylime-tpm_cert_store-7.14.2-1.1.s390x",
"product_id": "keylime-tpm_cert_store-7.14.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "keylime-verifier-7.14.2-1.1.s390x",
"product": {
"name": "keylime-verifier-7.14.2-1.1.s390x",
"product_id": "keylime-verifier-7.14.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-keylime-7.14.2-1.1.s390x",
"product": {
"name": "python311-keylime-7.14.2-1.1.s390x",
"product_id": "python311-keylime-7.14.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-keylime-7.14.2-1.1.s390x",
"product": {
"name": "python313-keylime-7.14.2-1.1.s390x",
"product_id": "python313-keylime-7.14.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python314-keylime-7.14.2-1.1.s390x",
"product": {
"name": "python314-keylime-7.14.2-1.1.s390x",
"product_id": "python314-keylime-7.14.2-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-config-7.14.2-1.1.x86_64",
"product": {
"name": "keylime-config-7.14.2-1.1.x86_64",
"product_id": "keylime-config-7.14.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "keylime-firewalld-7.14.2-1.1.x86_64",
"product": {
"name": "keylime-firewalld-7.14.2-1.1.x86_64",
"product_id": "keylime-firewalld-7.14.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "keylime-logrotate-7.14.2-1.1.x86_64",
"product": {
"name": "keylime-logrotate-7.14.2-1.1.x86_64",
"product_id": "keylime-logrotate-7.14.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "keylime-registrar-7.14.2-1.1.x86_64",
"product": {
"name": "keylime-registrar-7.14.2-1.1.x86_64",
"product_id": "keylime-registrar-7.14.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "keylime-tenant-7.14.2-1.1.x86_64",
"product": {
"name": "keylime-tenant-7.14.2-1.1.x86_64",
"product_id": "keylime-tenant-7.14.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "keylime-tpm_cert_store-7.14.2-1.1.x86_64",
"product": {
"name": "keylime-tpm_cert_store-7.14.2-1.1.x86_64",
"product_id": "keylime-tpm_cert_store-7.14.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "keylime-verifier-7.14.2-1.1.x86_64",
"product": {
"name": "keylime-verifier-7.14.2-1.1.x86_64",
"product_id": "keylime-verifier-7.14.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-keylime-7.14.2-1.1.x86_64",
"product": {
"name": "python311-keylime-7.14.2-1.1.x86_64",
"product_id": "python311-keylime-7.14.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-keylime-7.14.2-1.1.x86_64",
"product": {
"name": "python313-keylime-7.14.2-1.1.x86_64",
"product_id": "python313-keylime-7.14.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python314-keylime-7.14.2-1.1.x86_64",
"product": {
"name": "python314-keylime-7.14.2-1.1.x86_64",
"product_id": "python314-keylime-7.14.2-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-config-7.14.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-config-7.14.2-1.1.aarch64"
},
"product_reference": "keylime-config-7.14.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-config-7.14.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-config-7.14.2-1.1.ppc64le"
},
"product_reference": "keylime-config-7.14.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-config-7.14.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-config-7.14.2-1.1.s390x"
},
"product_reference": "keylime-config-7.14.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-config-7.14.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-config-7.14.2-1.1.x86_64"
},
"product_reference": "keylime-config-7.14.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-firewalld-7.14.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-firewalld-7.14.2-1.1.aarch64"
},
"product_reference": "keylime-firewalld-7.14.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-firewalld-7.14.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-firewalld-7.14.2-1.1.ppc64le"
},
"product_reference": "keylime-firewalld-7.14.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-firewalld-7.14.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-firewalld-7.14.2-1.1.s390x"
},
"product_reference": "keylime-firewalld-7.14.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-firewalld-7.14.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-firewalld-7.14.2-1.1.x86_64"
},
"product_reference": "keylime-firewalld-7.14.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-logrotate-7.14.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-logrotate-7.14.2-1.1.aarch64"
},
"product_reference": "keylime-logrotate-7.14.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-logrotate-7.14.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-logrotate-7.14.2-1.1.ppc64le"
},
"product_reference": "keylime-logrotate-7.14.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-logrotate-7.14.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-logrotate-7.14.2-1.1.s390x"
},
"product_reference": "keylime-logrotate-7.14.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-logrotate-7.14.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-logrotate-7.14.2-1.1.x86_64"
},
"product_reference": "keylime-logrotate-7.14.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-registrar-7.14.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-registrar-7.14.2-1.1.aarch64"
},
"product_reference": "keylime-registrar-7.14.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-registrar-7.14.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-registrar-7.14.2-1.1.ppc64le"
},
"product_reference": "keylime-registrar-7.14.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-registrar-7.14.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-registrar-7.14.2-1.1.s390x"
},
"product_reference": "keylime-registrar-7.14.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-registrar-7.14.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-registrar-7.14.2-1.1.x86_64"
},
"product_reference": "keylime-registrar-7.14.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tenant-7.14.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-tenant-7.14.2-1.1.aarch64"
},
"product_reference": "keylime-tenant-7.14.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tenant-7.14.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-tenant-7.14.2-1.1.ppc64le"
},
"product_reference": "keylime-tenant-7.14.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tenant-7.14.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-tenant-7.14.2-1.1.s390x"
},
"product_reference": "keylime-tenant-7.14.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tenant-7.14.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-tenant-7.14.2-1.1.x86_64"
},
"product_reference": "keylime-tenant-7.14.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tpm_cert_store-7.14.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-tpm_cert_store-7.14.2-1.1.aarch64"
},
"product_reference": "keylime-tpm_cert_store-7.14.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tpm_cert_store-7.14.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-tpm_cert_store-7.14.2-1.1.ppc64le"
},
"product_reference": "keylime-tpm_cert_store-7.14.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tpm_cert_store-7.14.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-tpm_cert_store-7.14.2-1.1.s390x"
},
"product_reference": "keylime-tpm_cert_store-7.14.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tpm_cert_store-7.14.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-tpm_cert_store-7.14.2-1.1.x86_64"
},
"product_reference": "keylime-tpm_cert_store-7.14.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-verifier-7.14.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-verifier-7.14.2-1.1.aarch64"
},
"product_reference": "keylime-verifier-7.14.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-verifier-7.14.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-verifier-7.14.2-1.1.ppc64le"
},
"product_reference": "keylime-verifier-7.14.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-verifier-7.14.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-verifier-7.14.2-1.1.s390x"
},
"product_reference": "keylime-verifier-7.14.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-verifier-7.14.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-verifier-7.14.2-1.1.x86_64"
},
"product_reference": "keylime-verifier-7.14.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-keylime-7.14.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-keylime-7.14.2-1.1.aarch64"
},
"product_reference": "python311-keylime-7.14.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-keylime-7.14.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-keylime-7.14.2-1.1.ppc64le"
},
"product_reference": "python311-keylime-7.14.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-keylime-7.14.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-keylime-7.14.2-1.1.s390x"
},
"product_reference": "python311-keylime-7.14.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-keylime-7.14.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-keylime-7.14.2-1.1.x86_64"
},
"product_reference": "python311-keylime-7.14.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-keylime-7.14.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-keylime-7.14.2-1.1.aarch64"
},
"product_reference": "python313-keylime-7.14.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-keylime-7.14.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-keylime-7.14.2-1.1.ppc64le"
},
"product_reference": "python313-keylime-7.14.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-keylime-7.14.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-keylime-7.14.2-1.1.s390x"
},
"product_reference": "python313-keylime-7.14.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-keylime-7.14.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-keylime-7.14.2-1.1.x86_64"
},
"product_reference": "python313-keylime-7.14.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-keylime-7.14.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-keylime-7.14.2-1.1.aarch64"
},
"product_reference": "python314-keylime-7.14.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-keylime-7.14.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-keylime-7.14.2-1.1.ppc64le"
},
"product_reference": "python314-keylime-7.14.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-keylime-7.14.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-keylime-7.14.2-1.1.s390x"
},
"product_reference": "python314-keylime-7.14.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-keylime-7.14.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-keylime-7.14.2-1.1.x86_64"
},
"product_reference": "python314-keylime-7.14.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-6420",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-6420"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module (TPM) quote attestation instead of a cryptographically random value. This allows the attacker to stockpile valid TPM quotes and replay them to evade detection after compromising the system. This issue affects only the push model deployment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:keylime-config-7.14.2-1.1.aarch64",
"openSUSE Tumbleweed:keylime-config-7.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-config-7.14.2-1.1.s390x",
"openSUSE Tumbleweed:keylime-config-7.14.2-1.1.x86_64",
"openSUSE Tumbleweed:keylime-firewalld-7.14.2-1.1.aarch64",
"openSUSE Tumbleweed:keylime-firewalld-7.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-firewalld-7.14.2-1.1.s390x",
"openSUSE Tumbleweed:keylime-firewalld-7.14.2-1.1.x86_64",
"openSUSE Tumbleweed:keylime-logrotate-7.14.2-1.1.aarch64",
"openSUSE Tumbleweed:keylime-logrotate-7.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-logrotate-7.14.2-1.1.s390x",
"openSUSE Tumbleweed:keylime-logrotate-7.14.2-1.1.x86_64",
"openSUSE Tumbleweed:keylime-registrar-7.14.2-1.1.aarch64",
"openSUSE Tumbleweed:keylime-registrar-7.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-registrar-7.14.2-1.1.s390x",
"openSUSE Tumbleweed:keylime-registrar-7.14.2-1.1.x86_64",
"openSUSE Tumbleweed:keylime-tenant-7.14.2-1.1.aarch64",
"openSUSE Tumbleweed:keylime-tenant-7.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-tenant-7.14.2-1.1.s390x",
"openSUSE Tumbleweed:keylime-tenant-7.14.2-1.1.x86_64",
"openSUSE Tumbleweed:keylime-tpm_cert_store-7.14.2-1.1.aarch64",
"openSUSE Tumbleweed:keylime-tpm_cert_store-7.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-tpm_cert_store-7.14.2-1.1.s390x",
"openSUSE Tumbleweed:keylime-tpm_cert_store-7.14.2-1.1.x86_64",
"openSUSE Tumbleweed:keylime-verifier-7.14.2-1.1.aarch64",
"openSUSE Tumbleweed:keylime-verifier-7.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-verifier-7.14.2-1.1.s390x",
"openSUSE Tumbleweed:keylime-verifier-7.14.2-1.1.x86_64",
"openSUSE Tumbleweed:python311-keylime-7.14.2-1.1.aarch64",
"openSUSE Tumbleweed:python311-keylime-7.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:python311-keylime-7.14.2-1.1.s390x",
"openSUSE Tumbleweed:python311-keylime-7.14.2-1.1.x86_64",
"openSUSE Tumbleweed:python313-keylime-7.14.2-1.1.aarch64",
"openSUSE Tumbleweed:python313-keylime-7.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:python313-keylime-7.14.2-1.1.s390x",
"openSUSE Tumbleweed:python313-keylime-7.14.2-1.1.x86_64",
"openSUSE Tumbleweed:python314-keylime-7.14.2-1.1.aarch64",
"openSUSE Tumbleweed:python314-keylime-7.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:python314-keylime-7.14.2-1.1.s390x",
"openSUSE Tumbleweed:python314-keylime-7.14.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-6420",
"url": "https://www.suse.com/security/cve/CVE-2026-6420"
},
{
"category": "external",
"summary": "SUSE Bug 1264265 for CVE-2026-6420",
"url": "https://bugzilla.suse.com/1264265"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:keylime-config-7.14.2-1.1.aarch64",
"openSUSE Tumbleweed:keylime-config-7.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-config-7.14.2-1.1.s390x",
"openSUSE Tumbleweed:keylime-config-7.14.2-1.1.x86_64",
"openSUSE Tumbleweed:keylime-firewalld-7.14.2-1.1.aarch64",
"openSUSE Tumbleweed:keylime-firewalld-7.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-firewalld-7.14.2-1.1.s390x",
"openSUSE Tumbleweed:keylime-firewalld-7.14.2-1.1.x86_64",
"openSUSE Tumbleweed:keylime-logrotate-7.14.2-1.1.aarch64",
"openSUSE Tumbleweed:keylime-logrotate-7.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-logrotate-7.14.2-1.1.s390x",
"openSUSE Tumbleweed:keylime-logrotate-7.14.2-1.1.x86_64",
"openSUSE Tumbleweed:keylime-registrar-7.14.2-1.1.aarch64",
"openSUSE Tumbleweed:keylime-registrar-7.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-registrar-7.14.2-1.1.s390x",
"openSUSE Tumbleweed:keylime-registrar-7.14.2-1.1.x86_64",
"openSUSE Tumbleweed:keylime-tenant-7.14.2-1.1.aarch64",
"openSUSE Tumbleweed:keylime-tenant-7.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-tenant-7.14.2-1.1.s390x",
"openSUSE Tumbleweed:keylime-tenant-7.14.2-1.1.x86_64",
"openSUSE Tumbleweed:keylime-tpm_cert_store-7.14.2-1.1.aarch64",
"openSUSE Tumbleweed:keylime-tpm_cert_store-7.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-tpm_cert_store-7.14.2-1.1.s390x",
"openSUSE Tumbleweed:keylime-tpm_cert_store-7.14.2-1.1.x86_64",
"openSUSE Tumbleweed:keylime-verifier-7.14.2-1.1.aarch64",
"openSUSE Tumbleweed:keylime-verifier-7.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-verifier-7.14.2-1.1.s390x",
"openSUSE Tumbleweed:keylime-verifier-7.14.2-1.1.x86_64",
"openSUSE Tumbleweed:python311-keylime-7.14.2-1.1.aarch64",
"openSUSE Tumbleweed:python311-keylime-7.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:python311-keylime-7.14.2-1.1.s390x",
"openSUSE Tumbleweed:python311-keylime-7.14.2-1.1.x86_64",
"openSUSE Tumbleweed:python313-keylime-7.14.2-1.1.aarch64",
"openSUSE Tumbleweed:python313-keylime-7.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:python313-keylime-7.14.2-1.1.s390x",
"openSUSE Tumbleweed:python313-keylime-7.14.2-1.1.x86_64",
"openSUSE Tumbleweed:python314-keylime-7.14.2-1.1.aarch64",
"openSUSE Tumbleweed:python314-keylime-7.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:python314-keylime-7.14.2-1.1.s390x",
"openSUSE Tumbleweed:python314-keylime-7.14.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:keylime-config-7.14.2-1.1.aarch64",
"openSUSE Tumbleweed:keylime-config-7.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-config-7.14.2-1.1.s390x",
"openSUSE Tumbleweed:keylime-config-7.14.2-1.1.x86_64",
"openSUSE Tumbleweed:keylime-firewalld-7.14.2-1.1.aarch64",
"openSUSE Tumbleweed:keylime-firewalld-7.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-firewalld-7.14.2-1.1.s390x",
"openSUSE Tumbleweed:keylime-firewalld-7.14.2-1.1.x86_64",
"openSUSE Tumbleweed:keylime-logrotate-7.14.2-1.1.aarch64",
"openSUSE Tumbleweed:keylime-logrotate-7.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-logrotate-7.14.2-1.1.s390x",
"openSUSE Tumbleweed:keylime-logrotate-7.14.2-1.1.x86_64",
"openSUSE Tumbleweed:keylime-registrar-7.14.2-1.1.aarch64",
"openSUSE Tumbleweed:keylime-registrar-7.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-registrar-7.14.2-1.1.s390x",
"openSUSE Tumbleweed:keylime-registrar-7.14.2-1.1.x86_64",
"openSUSE Tumbleweed:keylime-tenant-7.14.2-1.1.aarch64",
"openSUSE Tumbleweed:keylime-tenant-7.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-tenant-7.14.2-1.1.s390x",
"openSUSE Tumbleweed:keylime-tenant-7.14.2-1.1.x86_64",
"openSUSE Tumbleweed:keylime-tpm_cert_store-7.14.2-1.1.aarch64",
"openSUSE Tumbleweed:keylime-tpm_cert_store-7.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-tpm_cert_store-7.14.2-1.1.s390x",
"openSUSE Tumbleweed:keylime-tpm_cert_store-7.14.2-1.1.x86_64",
"openSUSE Tumbleweed:keylime-verifier-7.14.2-1.1.aarch64",
"openSUSE Tumbleweed:keylime-verifier-7.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-verifier-7.14.2-1.1.s390x",
"openSUSE Tumbleweed:keylime-verifier-7.14.2-1.1.x86_64",
"openSUSE Tumbleweed:python311-keylime-7.14.2-1.1.aarch64",
"openSUSE Tumbleweed:python311-keylime-7.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:python311-keylime-7.14.2-1.1.s390x",
"openSUSE Tumbleweed:python311-keylime-7.14.2-1.1.x86_64",
"openSUSE Tumbleweed:python313-keylime-7.14.2-1.1.aarch64",
"openSUSE Tumbleweed:python313-keylime-7.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:python313-keylime-7.14.2-1.1.s390x",
"openSUSE Tumbleweed:python313-keylime-7.14.2-1.1.x86_64",
"openSUSE Tumbleweed:python314-keylime-7.14.2-1.1.aarch64",
"openSUSE Tumbleweed:python314-keylime-7.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:python314-keylime-7.14.2-1.1.s390x",
"openSUSE Tumbleweed:python314-keylime-7.14.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-14T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-6420"
}
]
}
RHSA-2026:28582
Vulnerability from csaf_redhat - Published: 2026-06-24 01:39 - Updated: 2026-07-02 17:10
A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module (TPM) quote attestation instead of a cryptographically random value. This allows the attacker to stockpile valid TPM quotes and replay them to evade detection after compromising the system. This issue affects only the push model deployment.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:keylime-0:7.14.1-5.el10_2.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:keylime-0:7.14.1-5.el10_2.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:keylime-0:7.14.1-5.el10_2.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:keylime-0:7.14.1-5.el10_2.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:keylime-0:7.14.1-5.el10_2.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:keylime-base-0:7.14.1-5.el10_2.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:keylime-base-0:7.14.1-5.el10_2.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:keylime-base-0:7.14.1-5.el10_2.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:keylime-base-0:7.14.1-5.el10_2.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:keylime-registrar-0:7.14.1-5.el10_2.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:keylime-registrar-0:7.14.1-5.el10_2.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:keylime-registrar-0:7.14.1-5.el10_2.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:keylime-registrar-0:7.14.1-5.el10_2.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:keylime-selinux-0:7.14.1-5.el10_2.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:keylime-tenant-0:7.14.1-5.el10_2.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:keylime-tenant-0:7.14.1-5.el10_2.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:keylime-tenant-0:7.14.1-5.el10_2.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:keylime-tenant-0:7.14.1-5.el10_2.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:keylime-tools-0:7.14.1-5.el10_2.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:keylime-tools-0:7.14.1-5.el10_2.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:keylime-tools-0:7.14.1-5.el10_2.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:keylime-tools-0:7.14.1-5.el10_2.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:keylime-verifier-0:7.14.1-5.el10_2.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:keylime-verifier-0:7.14.1-5.el10_2.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:keylime-verifier-0:7.14.1-5.el10_2.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:keylime-verifier-0:7.14.1-5.el10_2.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:python3-keylime-0:7.14.1-5.el10_2.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:python3-keylime-0:7.14.1-5.el10_2.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:python3-keylime-0:7.14.1-5.el10_2.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:python3-keylime-0:7.14.1-5.el10_2.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for keylime is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution.\n\nSecurity Fix(es):\n\n* keylime: Keylime: Security bypass due to hardcoded TPM quote nonce (CVE-2026-6420)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:28582",
"url": "https://access.redhat.com/errata/RHSA-2026:28582"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2458889",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458889"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_28582.json"
}
],
"title": "Red Hat Security Advisory: keylime security update",
"tracking": {
"current_release_date": "2026-07-02T17:10:17+00:00",
"generator": {
"date": "2026-07-02T17:10:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:28582",
"initial_release_date": "2026-06-24T01:39:15+00:00",
"revision_history": [
{
"date": "2026-06-24T01:39:15+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-24T01:39:15+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-02T17:10:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.2"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-0:7.14.1-5.el10_2.1.src",
"product": {
"name": "keylime-0:7.14.1-5.el10_2.1.src",
"product_id": "keylime-0:7.14.1-5.el10_2.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime@7.14.1-5.el10_2.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-0:7.14.1-5.el10_2.1.aarch64",
"product": {
"name": "keylime-0:7.14.1-5.el10_2.1.aarch64",
"product_id": "keylime-0:7.14.1-5.el10_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime@7.14.1-5.el10_2.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "keylime-base-0:7.14.1-5.el10_2.1.aarch64",
"product": {
"name": "keylime-base-0:7.14.1-5.el10_2.1.aarch64",
"product_id": "keylime-base-0:7.14.1-5.el10_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-base@7.14.1-5.el10_2.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "keylime-registrar-0:7.14.1-5.el10_2.1.aarch64",
"product": {
"name": "keylime-registrar-0:7.14.1-5.el10_2.1.aarch64",
"product_id": "keylime-registrar-0:7.14.1-5.el10_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-registrar@7.14.1-5.el10_2.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "keylime-tenant-0:7.14.1-5.el10_2.1.aarch64",
"product": {
"name": "keylime-tenant-0:7.14.1-5.el10_2.1.aarch64",
"product_id": "keylime-tenant-0:7.14.1-5.el10_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-tenant@7.14.1-5.el10_2.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "keylime-tools-0:7.14.1-5.el10_2.1.aarch64",
"product": {
"name": "keylime-tools-0:7.14.1-5.el10_2.1.aarch64",
"product_id": "keylime-tools-0:7.14.1-5.el10_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-tools@7.14.1-5.el10_2.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "keylime-verifier-0:7.14.1-5.el10_2.1.aarch64",
"product": {
"name": "keylime-verifier-0:7.14.1-5.el10_2.1.aarch64",
"product_id": "keylime-verifier-0:7.14.1-5.el10_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-verifier@7.14.1-5.el10_2.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-keylime-0:7.14.1-5.el10_2.1.aarch64",
"product": {
"name": "python3-keylime-0:7.14.1-5.el10_2.1.aarch64",
"product_id": "python3-keylime-0:7.14.1-5.el10_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-keylime@7.14.1-5.el10_2.1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-0:7.14.1-5.el10_2.1.ppc64le",
"product": {
"name": "keylime-0:7.14.1-5.el10_2.1.ppc64le",
"product_id": "keylime-0:7.14.1-5.el10_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime@7.14.1-5.el10_2.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "keylime-base-0:7.14.1-5.el10_2.1.ppc64le",
"product": {
"name": "keylime-base-0:7.14.1-5.el10_2.1.ppc64le",
"product_id": "keylime-base-0:7.14.1-5.el10_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-base@7.14.1-5.el10_2.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "keylime-registrar-0:7.14.1-5.el10_2.1.ppc64le",
"product": {
"name": "keylime-registrar-0:7.14.1-5.el10_2.1.ppc64le",
"product_id": "keylime-registrar-0:7.14.1-5.el10_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-registrar@7.14.1-5.el10_2.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "keylime-tenant-0:7.14.1-5.el10_2.1.ppc64le",
"product": {
"name": "keylime-tenant-0:7.14.1-5.el10_2.1.ppc64le",
"product_id": "keylime-tenant-0:7.14.1-5.el10_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-tenant@7.14.1-5.el10_2.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "keylime-tools-0:7.14.1-5.el10_2.1.ppc64le",
"product": {
"name": "keylime-tools-0:7.14.1-5.el10_2.1.ppc64le",
"product_id": "keylime-tools-0:7.14.1-5.el10_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-tools@7.14.1-5.el10_2.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "keylime-verifier-0:7.14.1-5.el10_2.1.ppc64le",
"product": {
"name": "keylime-verifier-0:7.14.1-5.el10_2.1.ppc64le",
"product_id": "keylime-verifier-0:7.14.1-5.el10_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-verifier@7.14.1-5.el10_2.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-keylime-0:7.14.1-5.el10_2.1.ppc64le",
"product": {
"name": "python3-keylime-0:7.14.1-5.el10_2.1.ppc64le",
"product_id": "python3-keylime-0:7.14.1-5.el10_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-keylime@7.14.1-5.el10_2.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-0:7.14.1-5.el10_2.1.x86_64",
"product": {
"name": "keylime-0:7.14.1-5.el10_2.1.x86_64",
"product_id": "keylime-0:7.14.1-5.el10_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime@7.14.1-5.el10_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "keylime-base-0:7.14.1-5.el10_2.1.x86_64",
"product": {
"name": "keylime-base-0:7.14.1-5.el10_2.1.x86_64",
"product_id": "keylime-base-0:7.14.1-5.el10_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-base@7.14.1-5.el10_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "keylime-registrar-0:7.14.1-5.el10_2.1.x86_64",
"product": {
"name": "keylime-registrar-0:7.14.1-5.el10_2.1.x86_64",
"product_id": "keylime-registrar-0:7.14.1-5.el10_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-registrar@7.14.1-5.el10_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "keylime-tenant-0:7.14.1-5.el10_2.1.x86_64",
"product": {
"name": "keylime-tenant-0:7.14.1-5.el10_2.1.x86_64",
"product_id": "keylime-tenant-0:7.14.1-5.el10_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-tenant@7.14.1-5.el10_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "keylime-tools-0:7.14.1-5.el10_2.1.x86_64",
"product": {
"name": "keylime-tools-0:7.14.1-5.el10_2.1.x86_64",
"product_id": "keylime-tools-0:7.14.1-5.el10_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-tools@7.14.1-5.el10_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "keylime-verifier-0:7.14.1-5.el10_2.1.x86_64",
"product": {
"name": "keylime-verifier-0:7.14.1-5.el10_2.1.x86_64",
"product_id": "keylime-verifier-0:7.14.1-5.el10_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-verifier@7.14.1-5.el10_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-keylime-0:7.14.1-5.el10_2.1.x86_64",
"product": {
"name": "python3-keylime-0:7.14.1-5.el10_2.1.x86_64",
"product_id": "python3-keylime-0:7.14.1-5.el10_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-keylime@7.14.1-5.el10_2.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-0:7.14.1-5.el10_2.1.s390x",
"product": {
"name": "keylime-0:7.14.1-5.el10_2.1.s390x",
"product_id": "keylime-0:7.14.1-5.el10_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime@7.14.1-5.el10_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "keylime-base-0:7.14.1-5.el10_2.1.s390x",
"product": {
"name": "keylime-base-0:7.14.1-5.el10_2.1.s390x",
"product_id": "keylime-base-0:7.14.1-5.el10_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-base@7.14.1-5.el10_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "keylime-registrar-0:7.14.1-5.el10_2.1.s390x",
"product": {
"name": "keylime-registrar-0:7.14.1-5.el10_2.1.s390x",
"product_id": "keylime-registrar-0:7.14.1-5.el10_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-registrar@7.14.1-5.el10_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "keylime-tenant-0:7.14.1-5.el10_2.1.s390x",
"product": {
"name": "keylime-tenant-0:7.14.1-5.el10_2.1.s390x",
"product_id": "keylime-tenant-0:7.14.1-5.el10_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-tenant@7.14.1-5.el10_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "keylime-tools-0:7.14.1-5.el10_2.1.s390x",
"product": {
"name": "keylime-tools-0:7.14.1-5.el10_2.1.s390x",
"product_id": "keylime-tools-0:7.14.1-5.el10_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-tools@7.14.1-5.el10_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "keylime-verifier-0:7.14.1-5.el10_2.1.s390x",
"product": {
"name": "keylime-verifier-0:7.14.1-5.el10_2.1.s390x",
"product_id": "keylime-verifier-0:7.14.1-5.el10_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-verifier@7.14.1-5.el10_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-keylime-0:7.14.1-5.el10_2.1.s390x",
"product": {
"name": "python3-keylime-0:7.14.1-5.el10_2.1.s390x",
"product_id": "python3-keylime-0:7.14.1-5.el10_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-keylime@7.14.1-5.el10_2.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-selinux-0:7.14.1-5.el10_2.1.noarch",
"product": {
"name": "keylime-selinux-0:7.14.1-5.el10_2.1.noarch",
"product_id": "keylime-selinux-0:7.14.1-5.el10_2.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-selinux@7.14.1-5.el10_2.1?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-0:7.14.1-5.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:keylime-0:7.14.1-5.el10_2.1.aarch64"
},
"product_reference": "keylime-0:7.14.1-5.el10_2.1.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-0:7.14.1-5.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:keylime-0:7.14.1-5.el10_2.1.ppc64le"
},
"product_reference": "keylime-0:7.14.1-5.el10_2.1.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-0:7.14.1-5.el10_2.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:keylime-0:7.14.1-5.el10_2.1.s390x"
},
"product_reference": "keylime-0:7.14.1-5.el10_2.1.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-0:7.14.1-5.el10_2.1.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:keylime-0:7.14.1-5.el10_2.1.src"
},
"product_reference": "keylime-0:7.14.1-5.el10_2.1.src",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-0:7.14.1-5.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:keylime-0:7.14.1-5.el10_2.1.x86_64"
},
"product_reference": "keylime-0:7.14.1-5.el10_2.1.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-base-0:7.14.1-5.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:keylime-base-0:7.14.1-5.el10_2.1.aarch64"
},
"product_reference": "keylime-base-0:7.14.1-5.el10_2.1.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-base-0:7.14.1-5.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:keylime-base-0:7.14.1-5.el10_2.1.ppc64le"
},
"product_reference": "keylime-base-0:7.14.1-5.el10_2.1.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-base-0:7.14.1-5.el10_2.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:keylime-base-0:7.14.1-5.el10_2.1.s390x"
},
"product_reference": "keylime-base-0:7.14.1-5.el10_2.1.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-base-0:7.14.1-5.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:keylime-base-0:7.14.1-5.el10_2.1.x86_64"
},
"product_reference": "keylime-base-0:7.14.1-5.el10_2.1.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-registrar-0:7.14.1-5.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:keylime-registrar-0:7.14.1-5.el10_2.1.aarch64"
},
"product_reference": "keylime-registrar-0:7.14.1-5.el10_2.1.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-registrar-0:7.14.1-5.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:keylime-registrar-0:7.14.1-5.el10_2.1.ppc64le"
},
"product_reference": "keylime-registrar-0:7.14.1-5.el10_2.1.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-registrar-0:7.14.1-5.el10_2.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:keylime-registrar-0:7.14.1-5.el10_2.1.s390x"
},
"product_reference": "keylime-registrar-0:7.14.1-5.el10_2.1.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-registrar-0:7.14.1-5.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:keylime-registrar-0:7.14.1-5.el10_2.1.x86_64"
},
"product_reference": "keylime-registrar-0:7.14.1-5.el10_2.1.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-selinux-0:7.14.1-5.el10_2.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:keylime-selinux-0:7.14.1-5.el10_2.1.noarch"
},
"product_reference": "keylime-selinux-0:7.14.1-5.el10_2.1.noarch",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tenant-0:7.14.1-5.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:keylime-tenant-0:7.14.1-5.el10_2.1.aarch64"
},
"product_reference": "keylime-tenant-0:7.14.1-5.el10_2.1.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tenant-0:7.14.1-5.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:keylime-tenant-0:7.14.1-5.el10_2.1.ppc64le"
},
"product_reference": "keylime-tenant-0:7.14.1-5.el10_2.1.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tenant-0:7.14.1-5.el10_2.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:keylime-tenant-0:7.14.1-5.el10_2.1.s390x"
},
"product_reference": "keylime-tenant-0:7.14.1-5.el10_2.1.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tenant-0:7.14.1-5.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:keylime-tenant-0:7.14.1-5.el10_2.1.x86_64"
},
"product_reference": "keylime-tenant-0:7.14.1-5.el10_2.1.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tools-0:7.14.1-5.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:keylime-tools-0:7.14.1-5.el10_2.1.aarch64"
},
"product_reference": "keylime-tools-0:7.14.1-5.el10_2.1.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tools-0:7.14.1-5.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:keylime-tools-0:7.14.1-5.el10_2.1.ppc64le"
},
"product_reference": "keylime-tools-0:7.14.1-5.el10_2.1.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tools-0:7.14.1-5.el10_2.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:keylime-tools-0:7.14.1-5.el10_2.1.s390x"
},
"product_reference": "keylime-tools-0:7.14.1-5.el10_2.1.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tools-0:7.14.1-5.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:keylime-tools-0:7.14.1-5.el10_2.1.x86_64"
},
"product_reference": "keylime-tools-0:7.14.1-5.el10_2.1.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-verifier-0:7.14.1-5.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:keylime-verifier-0:7.14.1-5.el10_2.1.aarch64"
},
"product_reference": "keylime-verifier-0:7.14.1-5.el10_2.1.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-verifier-0:7.14.1-5.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:keylime-verifier-0:7.14.1-5.el10_2.1.ppc64le"
},
"product_reference": "keylime-verifier-0:7.14.1-5.el10_2.1.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-verifier-0:7.14.1-5.el10_2.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:keylime-verifier-0:7.14.1-5.el10_2.1.s390x"
},
"product_reference": "keylime-verifier-0:7.14.1-5.el10_2.1.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-verifier-0:7.14.1-5.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:keylime-verifier-0:7.14.1-5.el10_2.1.x86_64"
},
"product_reference": "keylime-verifier-0:7.14.1-5.el10_2.1.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-keylime-0:7.14.1-5.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:python3-keylime-0:7.14.1-5.el10_2.1.aarch64"
},
"product_reference": "python3-keylime-0:7.14.1-5.el10_2.1.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-keylime-0:7.14.1-5.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:python3-keylime-0:7.14.1-5.el10_2.1.ppc64le"
},
"product_reference": "python3-keylime-0:7.14.1-5.el10_2.1.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-keylime-0:7.14.1-5.el10_2.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:python3-keylime-0:7.14.1-5.el10_2.1.s390x"
},
"product_reference": "python3-keylime-0:7.14.1-5.el10_2.1.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-keylime-0:7.14.1-5.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:python3-keylime-0:7.14.1-5.el10_2.1.x86_64"
},
"product_reference": "python3-keylime-0:7.14.1-5.el10_2.1.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Keylime developers"
]
}
],
"cve": "CVE-2026-6420",
"cwe": {
"id": "CWE-1241",
"name": "Use of Predictable Algorithm in Random Number Generator"
},
"discovery_date": "2026-04-16T06:01:38.993000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2458889"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module (TPM) quote attestation instead of a cryptographically random value. This allows the attacker to stockpile valid TPM quotes and replay them to evade detection after compromising the system. This issue affects only the push model deployment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keylime: Keylime: Security bypass due to hardcoded TPM quote nonce",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:keylime-0:7.14.1-5.el10_2.1.aarch64",
"AppStream-10.2.Z:keylime-0:7.14.1-5.el10_2.1.ppc64le",
"AppStream-10.2.Z:keylime-0:7.14.1-5.el10_2.1.s390x",
"AppStream-10.2.Z:keylime-0:7.14.1-5.el10_2.1.src",
"AppStream-10.2.Z:keylime-0:7.14.1-5.el10_2.1.x86_64",
"AppStream-10.2.Z:keylime-base-0:7.14.1-5.el10_2.1.aarch64",
"AppStream-10.2.Z:keylime-base-0:7.14.1-5.el10_2.1.ppc64le",
"AppStream-10.2.Z:keylime-base-0:7.14.1-5.el10_2.1.s390x",
"AppStream-10.2.Z:keylime-base-0:7.14.1-5.el10_2.1.x86_64",
"AppStream-10.2.Z:keylime-registrar-0:7.14.1-5.el10_2.1.aarch64",
"AppStream-10.2.Z:keylime-registrar-0:7.14.1-5.el10_2.1.ppc64le",
"AppStream-10.2.Z:keylime-registrar-0:7.14.1-5.el10_2.1.s390x",
"AppStream-10.2.Z:keylime-registrar-0:7.14.1-5.el10_2.1.x86_64",
"AppStream-10.2.Z:keylime-selinux-0:7.14.1-5.el10_2.1.noarch",
"AppStream-10.2.Z:keylime-tenant-0:7.14.1-5.el10_2.1.aarch64",
"AppStream-10.2.Z:keylime-tenant-0:7.14.1-5.el10_2.1.ppc64le",
"AppStream-10.2.Z:keylime-tenant-0:7.14.1-5.el10_2.1.s390x",
"AppStream-10.2.Z:keylime-tenant-0:7.14.1-5.el10_2.1.x86_64",
"AppStream-10.2.Z:keylime-tools-0:7.14.1-5.el10_2.1.aarch64",
"AppStream-10.2.Z:keylime-tools-0:7.14.1-5.el10_2.1.ppc64le",
"AppStream-10.2.Z:keylime-tools-0:7.14.1-5.el10_2.1.s390x",
"AppStream-10.2.Z:keylime-tools-0:7.14.1-5.el10_2.1.x86_64",
"AppStream-10.2.Z:keylime-verifier-0:7.14.1-5.el10_2.1.aarch64",
"AppStream-10.2.Z:keylime-verifier-0:7.14.1-5.el10_2.1.ppc64le",
"AppStream-10.2.Z:keylime-verifier-0:7.14.1-5.el10_2.1.s390x",
"AppStream-10.2.Z:keylime-verifier-0:7.14.1-5.el10_2.1.x86_64",
"AppStream-10.2.Z:python3-keylime-0:7.14.1-5.el10_2.1.aarch64",
"AppStream-10.2.Z:python3-keylime-0:7.14.1-5.el10_2.1.ppc64le",
"AppStream-10.2.Z:python3-keylime-0:7.14.1-5.el10_2.1.s390x",
"AppStream-10.2.Z:python3-keylime-0:7.14.1-5.el10_2.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6420"
},
{
"category": "external",
"summary": "RHBZ#2458889",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458889"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6420",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6420"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6420",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6420"
}
],
"release_date": "2026-05-06T10:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T01:39:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:keylime-0:7.14.1-5.el10_2.1.aarch64",
"AppStream-10.2.Z:keylime-0:7.14.1-5.el10_2.1.ppc64le",
"AppStream-10.2.Z:keylime-0:7.14.1-5.el10_2.1.s390x",
"AppStream-10.2.Z:keylime-0:7.14.1-5.el10_2.1.src",
"AppStream-10.2.Z:keylime-0:7.14.1-5.el10_2.1.x86_64",
"AppStream-10.2.Z:keylime-base-0:7.14.1-5.el10_2.1.aarch64",
"AppStream-10.2.Z:keylime-base-0:7.14.1-5.el10_2.1.ppc64le",
"AppStream-10.2.Z:keylime-base-0:7.14.1-5.el10_2.1.s390x",
"AppStream-10.2.Z:keylime-base-0:7.14.1-5.el10_2.1.x86_64",
"AppStream-10.2.Z:keylime-registrar-0:7.14.1-5.el10_2.1.aarch64",
"AppStream-10.2.Z:keylime-registrar-0:7.14.1-5.el10_2.1.ppc64le",
"AppStream-10.2.Z:keylime-registrar-0:7.14.1-5.el10_2.1.s390x",
"AppStream-10.2.Z:keylime-registrar-0:7.14.1-5.el10_2.1.x86_64",
"AppStream-10.2.Z:keylime-selinux-0:7.14.1-5.el10_2.1.noarch",
"AppStream-10.2.Z:keylime-tenant-0:7.14.1-5.el10_2.1.aarch64",
"AppStream-10.2.Z:keylime-tenant-0:7.14.1-5.el10_2.1.ppc64le",
"AppStream-10.2.Z:keylime-tenant-0:7.14.1-5.el10_2.1.s390x",
"AppStream-10.2.Z:keylime-tenant-0:7.14.1-5.el10_2.1.x86_64",
"AppStream-10.2.Z:keylime-tools-0:7.14.1-5.el10_2.1.aarch64",
"AppStream-10.2.Z:keylime-tools-0:7.14.1-5.el10_2.1.ppc64le",
"AppStream-10.2.Z:keylime-tools-0:7.14.1-5.el10_2.1.s390x",
"AppStream-10.2.Z:keylime-tools-0:7.14.1-5.el10_2.1.x86_64",
"AppStream-10.2.Z:keylime-verifier-0:7.14.1-5.el10_2.1.aarch64",
"AppStream-10.2.Z:keylime-verifier-0:7.14.1-5.el10_2.1.ppc64le",
"AppStream-10.2.Z:keylime-verifier-0:7.14.1-5.el10_2.1.s390x",
"AppStream-10.2.Z:keylime-verifier-0:7.14.1-5.el10_2.1.x86_64",
"AppStream-10.2.Z:python3-keylime-0:7.14.1-5.el10_2.1.aarch64",
"AppStream-10.2.Z:python3-keylime-0:7.14.1-5.el10_2.1.ppc64le",
"AppStream-10.2.Z:python3-keylime-0:7.14.1-5.el10_2.1.s390x",
"AppStream-10.2.Z:python3-keylime-0:7.14.1-5.el10_2.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28582"
},
{
"category": "workaround",
"details": "Primary fix (one-line change in keylime/models/verifier/evidence.py):\n\nBefore (vulnerable):\ndef generate_challenge(self, bit_length):\n    self.challenge = Nonce.generate(bit_length)\n    self.challenge = bytes.fromhex(\"49beed365aac777dae23564f5ad0ec\")  # overwrites the freshly generated nonce with a fixed value\n\nAfter (fixed):\ndef generate_challenge(self, bit_length):\n    self.challenge = Nonce.generate(bit_length)\n\nExisting partial mitigations (already active):\n\n1. TPM clock monotonicity check: limits each quote to one replay.\n2. Push attestation timeout (default 10s): constrains the quote generation window, but TPM throughput allows 50-200 quotes to be stockpiled in that time.",
"product_ids": [
"AppStream-10.2.Z:keylime-0:7.14.1-5.el10_2.1.aarch64",
"AppStream-10.2.Z:keylime-0:7.14.1-5.el10_2.1.ppc64le",
"AppStream-10.2.Z:keylime-0:7.14.1-5.el10_2.1.s390x",
"AppStream-10.2.Z:keylime-0:7.14.1-5.el10_2.1.src",
"AppStream-10.2.Z:keylime-0:7.14.1-5.el10_2.1.x86_64",
"AppStream-10.2.Z:keylime-base-0:7.14.1-5.el10_2.1.aarch64",
"AppStream-10.2.Z:keylime-base-0:7.14.1-5.el10_2.1.ppc64le",
"AppStream-10.2.Z:keylime-base-0:7.14.1-5.el10_2.1.s390x",
"AppStream-10.2.Z:keylime-base-0:7.14.1-5.el10_2.1.x86_64",
"AppStream-10.2.Z:keylime-registrar-0:7.14.1-5.el10_2.1.aarch64",
"AppStream-10.2.Z:keylime-registrar-0:7.14.1-5.el10_2.1.ppc64le",
"AppStream-10.2.Z:keylime-registrar-0:7.14.1-5.el10_2.1.s390x",
"AppStream-10.2.Z:keylime-registrar-0:7.14.1-5.el10_2.1.x86_64",
"AppStream-10.2.Z:keylime-selinux-0:7.14.1-5.el10_2.1.noarch",
"AppStream-10.2.Z:keylime-tenant-0:7.14.1-5.el10_2.1.aarch64",
"AppStream-10.2.Z:keylime-tenant-0:7.14.1-5.el10_2.1.ppc64le",
"AppStream-10.2.Z:keylime-tenant-0:7.14.1-5.el10_2.1.s390x",
"AppStream-10.2.Z:keylime-tenant-0:7.14.1-5.el10_2.1.x86_64",
"AppStream-10.2.Z:keylime-tools-0:7.14.1-5.el10_2.1.aarch64",
"AppStream-10.2.Z:keylime-tools-0:7.14.1-5.el10_2.1.ppc64le",
"AppStream-10.2.Z:keylime-tools-0:7.14.1-5.el10_2.1.s390x",
"AppStream-10.2.Z:keylime-tools-0:7.14.1-5.el10_2.1.x86_64",
"AppStream-10.2.Z:keylime-verifier-0:7.14.1-5.el10_2.1.aarch64",
"AppStream-10.2.Z:keylime-verifier-0:7.14.1-5.el10_2.1.ppc64le",
"AppStream-10.2.Z:keylime-verifier-0:7.14.1-5.el10_2.1.s390x",
"AppStream-10.2.Z:keylime-verifier-0:7.14.1-5.el10_2.1.x86_64",
"AppStream-10.2.Z:python3-keylime-0:7.14.1-5.el10_2.1.aarch64",
"AppStream-10.2.Z:python3-keylime-0:7.14.1-5.el10_2.1.ppc64le",
"AppStream-10.2.Z:python3-keylime-0:7.14.1-5.el10_2.1.s390x",
"AppStream-10.2.Z:python3-keylime-0:7.14.1-5.el10_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:keylime-0:7.14.1-5.el10_2.1.aarch64",
"AppStream-10.2.Z:keylime-0:7.14.1-5.el10_2.1.ppc64le",
"AppStream-10.2.Z:keylime-0:7.14.1-5.el10_2.1.s390x",
"AppStream-10.2.Z:keylime-0:7.14.1-5.el10_2.1.src",
"AppStream-10.2.Z:keylime-0:7.14.1-5.el10_2.1.x86_64",
"AppStream-10.2.Z:keylime-base-0:7.14.1-5.el10_2.1.aarch64",
"AppStream-10.2.Z:keylime-base-0:7.14.1-5.el10_2.1.ppc64le",
"AppStream-10.2.Z:keylime-base-0:7.14.1-5.el10_2.1.s390x",
"AppStream-10.2.Z:keylime-base-0:7.14.1-5.el10_2.1.x86_64",
"AppStream-10.2.Z:keylime-registrar-0:7.14.1-5.el10_2.1.aarch64",
"AppStream-10.2.Z:keylime-registrar-0:7.14.1-5.el10_2.1.ppc64le",
"AppStream-10.2.Z:keylime-registrar-0:7.14.1-5.el10_2.1.s390x",
"AppStream-10.2.Z:keylime-registrar-0:7.14.1-5.el10_2.1.x86_64",
"AppStream-10.2.Z:keylime-selinux-0:7.14.1-5.el10_2.1.noarch",
"AppStream-10.2.Z:keylime-tenant-0:7.14.1-5.el10_2.1.aarch64",
"AppStream-10.2.Z:keylime-tenant-0:7.14.1-5.el10_2.1.ppc64le",
"AppStream-10.2.Z:keylime-tenant-0:7.14.1-5.el10_2.1.s390x",
"AppStream-10.2.Z:keylime-tenant-0:7.14.1-5.el10_2.1.x86_64",
"AppStream-10.2.Z:keylime-tools-0:7.14.1-5.el10_2.1.aarch64",
"AppStream-10.2.Z:keylime-tools-0:7.14.1-5.el10_2.1.ppc64le",
"AppStream-10.2.Z:keylime-tools-0:7.14.1-5.el10_2.1.s390x",
"AppStream-10.2.Z:keylime-tools-0:7.14.1-5.el10_2.1.x86_64",
"AppStream-10.2.Z:keylime-verifier-0:7.14.1-5.el10_2.1.aarch64",
"AppStream-10.2.Z:keylime-verifier-0:7.14.1-5.el10_2.1.ppc64le",
"AppStream-10.2.Z:keylime-verifier-0:7.14.1-5.el10_2.1.s390x",
"AppStream-10.2.Z:keylime-verifier-0:7.14.1-5.el10_2.1.x86_64",
"AppStream-10.2.Z:python3-keylime-0:7.14.1-5.el10_2.1.aarch64",
"AppStream-10.2.Z:python3-keylime-0:7.14.1-5.el10_2.1.ppc64le",
"AppStream-10.2.Z:python3-keylime-0:7.14.1-5.el10_2.1.s390x",
"AppStream-10.2.Z:python3-keylime-0:7.14.1-5.el10_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keylime: Keylime: Security bypass due to hardcoded TPM quote nonce"
}
]
}
SUSE-SU-2026:22326-1
Vulnerability from csaf_suse - Published: 2026-06-22 14:27 - Updated: 2026-06-22 14:27
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:keylime-config-7.14.2-160000.1.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:keylime-firewalld-7.14.2-160000.1.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:keylime-logrotate-7.14.2-160000.1.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:keylime-registrar-7.14.2-160000.1.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:keylime-tenant-7.14.2-160000.1.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:keylime-tpm_cert_store-7.14.2-160000.1.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:keylime-verifier-7.14.2-160000.1.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:python313-keylime-7.14.2-160000.1.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:keylime-config-7.14.2-160000.1.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:keylime-firewalld-7.14.2-160000.1.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:keylime-logrotate-7.14.2-160000.1.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:keylime-registrar-7.14.2-160000.1.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:keylime-tenant-7.14.2-160000.1.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:keylime-tpm_cert_store-7.14.2-160000.1.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:keylime-verifier-7.14.2-160000.1.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:python313-keylime-7.14.2-160000.1.1.noarch | — | Vendor Fix | |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for keylime",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for keylime fixes the following issue:\n\n- CVE-2026-6420: use of a hardcoded challenge nonce for TPM quote attestation allows for security bypass (bsc#1264265).\n\nChanges for keylime:\n\n- Update to version 7.14.2.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-1037",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22326-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22326-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622326-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22326-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-July/047813.html"
},
{
"category": "self",
"summary": "SUSE Bug 1264265",
"url": "https://bugzilla.suse.com/1264265"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-6420 page",
"url": "https://www.suse.com/security/cve/CVE-2026-6420/"
}
],
"title": "Security update for keylime",
"tracking": {
"current_release_date": "2026-06-22T14:27:22Z",
"generator": {
"date": "2026-06-22T14:27:22Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22326-1",
"initial_release_date": "2026-06-22T14:27:22Z",
"revision_history": [
{
"date": "2026-06-22T14:27:22Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "keylime-config-7.14.2-160000.1.1.noarch",
"product": {
"name": "keylime-config-7.14.2-160000.1.1.noarch",
"product_id": "keylime-config-7.14.2-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "keylime-firewalld-7.14.2-160000.1.1.noarch",
"product": {
"name": "keylime-firewalld-7.14.2-160000.1.1.noarch",
"product_id": "keylime-firewalld-7.14.2-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "keylime-logrotate-7.14.2-160000.1.1.noarch",
"product": {
"name": "keylime-logrotate-7.14.2-160000.1.1.noarch",
"product_id": "keylime-logrotate-7.14.2-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "keylime-registrar-7.14.2-160000.1.1.noarch",
"product": {
"name": "keylime-registrar-7.14.2-160000.1.1.noarch",
"product_id": "keylime-registrar-7.14.2-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "keylime-tenant-7.14.2-160000.1.1.noarch",
"product": {
"name": "keylime-tenant-7.14.2-160000.1.1.noarch",
"product_id": "keylime-tenant-7.14.2-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "keylime-tpm_cert_store-7.14.2-160000.1.1.noarch",
"product": {
"name": "keylime-tpm_cert_store-7.14.2-160000.1.1.noarch",
"product_id": "keylime-tpm_cert_store-7.14.2-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "keylime-verifier-7.14.2-160000.1.1.noarch",
"product": {
"name": "keylime-verifier-7.14.2-160000.1.1.noarch",
"product_id": "keylime-verifier-7.14.2-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "python313-keylime-7.14.2-160000.1.1.noarch",
"product": {
"name": "python313-keylime-7.14.2-160000.1.1.noarch",
"product_id": "python313-keylime-7.14.2-160000.1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-config-7.14.2-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:keylime-config-7.14.2-160000.1.1.noarch"
},
"product_reference": "keylime-config-7.14.2-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-firewalld-7.14.2-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:keylime-firewalld-7.14.2-160000.1.1.noarch"
},
"product_reference": "keylime-firewalld-7.14.2-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-logrotate-7.14.2-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:keylime-logrotate-7.14.2-160000.1.1.noarch"
},
"product_reference": "keylime-logrotate-7.14.2-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-registrar-7.14.2-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:keylime-registrar-7.14.2-160000.1.1.noarch"
},
"product_reference": "keylime-registrar-7.14.2-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tenant-7.14.2-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:keylime-tenant-7.14.2-160000.1.1.noarch"
},
"product_reference": "keylime-tenant-7.14.2-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tpm_cert_store-7.14.2-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:keylime-tpm_cert_store-7.14.2-160000.1.1.noarch"
},
"product_reference": "keylime-tpm_cert_store-7.14.2-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-verifier-7.14.2-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:keylime-verifier-7.14.2-160000.1.1.noarch"
},
"product_reference": "keylime-verifier-7.14.2-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-keylime-7.14.2-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:python313-keylime-7.14.2-160000.1.1.noarch"
},
"product_reference": "python313-keylime-7.14.2-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-config-7.14.2-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-config-7.14.2-160000.1.1.noarch"
},
"product_reference": "keylime-config-7.14.2-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-firewalld-7.14.2-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-firewalld-7.14.2-160000.1.1.noarch"
},
"product_reference": "keylime-firewalld-7.14.2-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-logrotate-7.14.2-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-logrotate-7.14.2-160000.1.1.noarch"
},
"product_reference": "keylime-logrotate-7.14.2-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-registrar-7.14.2-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-registrar-7.14.2-160000.1.1.noarch"
},
"product_reference": "keylime-registrar-7.14.2-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tenant-7.14.2-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-tenant-7.14.2-160000.1.1.noarch"
},
"product_reference": "keylime-tenant-7.14.2-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tpm_cert_store-7.14.2-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-tpm_cert_store-7.14.2-160000.1.1.noarch"
},
"product_reference": "keylime-tpm_cert_store-7.14.2-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-verifier-7.14.2-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-verifier-7.14.2-160000.1.1.noarch"
},
"product_reference": "keylime-verifier-7.14.2-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-keylime-7.14.2-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:python313-keylime-7.14.2-160000.1.1.noarch"
},
"product_reference": "python313-keylime-7.14.2-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-6420",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-6420"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module (TPM) quote attestation instead of a cryptographically random value. This allows the attacker to stockpile valid TPM quotes and replay them to evade detection after compromising the system. This issue affects only the push model deployment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:keylime-config-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-firewalld-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-logrotate-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-registrar-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-tenant-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-tpm_cert_store-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-verifier-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:python313-keylime-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-config-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-firewalld-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-logrotate-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-registrar-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-tenant-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-tpm_cert_store-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-verifier-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-keylime-7.14.2-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-6420",
"url": "https://www.suse.com/security/cve/CVE-2026-6420"
},
{
"category": "external",
"summary": "SUSE Bug 1264265 for CVE-2026-6420",
"url": "https://bugzilla.suse.com/1264265"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:keylime-config-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-firewalld-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-logrotate-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-registrar-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-tenant-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-tpm_cert_store-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-verifier-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:python313-keylime-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-config-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-firewalld-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-logrotate-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-registrar-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-tenant-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-tpm_cert_store-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-verifier-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-keylime-7.14.2-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:keylime-config-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-firewalld-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-logrotate-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-registrar-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-tenant-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-tpm_cert_store-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-verifier-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:python313-keylime-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-config-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-firewalld-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-logrotate-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-registrar-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-tenant-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-tpm_cert_store-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-verifier-7.14.2-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-keylime-7.14.2-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T14:27:22Z",
"details": "moderate"
}
],
"title": "CVE-2026-6420"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.