
Keylime: Secure mount logic can leak sensitive data

High
mpeters published GHSA-wj36-qcfg-5j52 Jan 27, 2022

Package

keylime (Keylime)

Affected versions

<6.2.0

Patched versions

6.3.0

Description

Impact

The logic in the Keylime agent for checking for a secure mount can be fooled by previously created unprivileged mounts allowing secrets to be leaked to other processes on the host.
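To illustrate the failure mode described above, here is an added example (not Keylime's code, nor the 6.3.0 fix): a check that only asks whether something is mounted at the secrets directory accepts a mount created by an unprivileged user, while a check that also verifies the filesystem type and the directory's ownership and mode does not. It assumes the secure directory is meant to be a root-owned tmpfs; the path, mount lines and stat values are constructed samples.

```python
# Added example (not Keylime's code); all sample data below is constructed.
import stat
from dataclasses import dataclass
from typing import List

@dataclass(frozen=True)
class MountEntry:
    source: str
    target: str
    fstype: str
    options: frozenset

def parse_proc_mounts(text: str) -> List[MountEntry]:
    """Parse text in /proc/mounts format: source target fstype options dump pass."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        target = fields[1].replace("\\040", " ")  # the kernel escapes spaces as \040
        entries.append(MountEntry(fields[0], target, fields[2], frozenset(fields[3].split(","))))
    return entries

def naive_is_secure(mounts: List[MountEntry], secdir: str) -> bool:
    """Weak check: satisfied by any mount at secdir, whoever created it."""
    return any(m.target == secdir for m in mounts)

def strict_is_secure(mounts: List[MountEntry], secdir: str, st_uid: int, st_mode: int) -> bool:
    """Stricter check (assumes the secure dir should be a root-owned tmpfs): the
    topmost mount at secdir must be tmpfs and the directory, per os.stat, must be
    a root-owned directory with no group/other permission bits."""
    here = [m for m in mounts if m.target == secdir]
    if not here or here[-1].fstype != "tmpfs":  # later lines overlay earlier ones
        return False
    return st_uid == 0 and stat.S_ISDIR(st_mode) and (st_mode & 0o077) == 0

SECDIR = "/srv/agent/secure"  # constructed placeholder path
# Constructed: the expected root-created tmpfs, versus a pre-existing unprivileged
# FUSE mount at the same path that a "something is mounted" check would accept.
SAMPLE_OK = "tmpfs /srv/agent/secure tmpfs rw,nosuid,nodev,noexec,relatime,size=1024k,mode=700 0 0\n"
SAMPLE_FOOLED = "fuse /srv/agent/secure fuse rw,nosuid,nodev,relatime,user_id=1000,group_id=1000 0 0\n"

def demo() -> dict:
    ok, fooled = parse_proc_mounts(SAMPLE_OK), parse_proc_mounts(SAMPLE_FOOLED)
    return {
        "naive_ok": naive_is_secure(ok, SECDIR), "naive_fooled": naive_is_secure(fooled, SECDIR),
        "strict_ok": strict_is_secure(ok, SECDIR, 0, 0o040700),
        "strict_fooled": strict_is_secure(fooled, SECDIR, 1000, 0o040755),
    }
```

On a live system the uid and mode arguments would come from `os.stat(secdir)` after the mount table has been read, so that both describe the same moment.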

Patches

Users should upgrade to at least 6.3.x.

Workarounds

None

Credit

Many thanks to Matthias Gerstner for finding this issue and to Alberto Planas for the fix.

For more information

If you have any questions or comments about this advisory:

Severity

High

CVE ID

CVE-2022-23948

Weaknesses

No CWEs
