Impact
The logic in the Keylime agent for checking for a secure mount can be fooled by previously created unprivileged mounts allowing secrets to be leaked to other processes on the host.
Patches
Users should upgrade to at least 6.3.x.
Workarounds
None
Credit
Many thanks to Matthias Gerstner for finding this issue and for Alberto Planas for the fix.
For more information
If you have any questions or comments about this advisory:
Impact
The logic in the Keylime agent for checking for a secure mount can be fooled by previously created unprivileged mounts allowing secrets to be leaked to other processes on the host.
Patches
Users should upgrade to at least 6.3.x.
Workarounds
None
Credit
Many thanks to Matthias Gerstner for finding this issue and for Alberto Planas for the fix.
For more information
If you have any questions or comments about this advisory: