CVE-2022-1053
Description
Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and when the verifier uses it for validating the integrity quote. This allows an attacker to use one AK/EK pair from a real TPM to pass EK validation and give the verifier the AK of a software TPM. A successful attack breaks the entire chain of trust, because the verifier uses an AK that was never validated. The issue is worse if the validation happens first and the agent is then added to the verifier, because the timing is easier and the verifier does not validate that the regcount entry equals 1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Keylime does not enforce consistent agent registrar data, allowing an attacker to substitute a software TPM's AK and break the trust chain.
Vulnerability
Keylime does not enforce that the agent registrar data used by the tenant for EK and identity quote validation is the same data used by the verifier for integrity quote validation [3]. This inconsistency allows an attacker to use a valid AK/EK pair from a real TPM to pass EK validation, while providing a different AK (e.g., from a software TPM) to the verifier. The vulnerability exists in the interaction between the tenant, registrar, and verifier components. Affected versions include all Keylime releases prior to the fix in commit bd5de712acdd77860e7dc58969181e16c7a8dc5d [4].
Exploitation
An attacker must first successfully register an agent with a real TPM's EK and AK to pass identity validation. Later, when the verifier performs integrity validation, the attacker can supply a software TPM's AK instead. The attack is easier if the tenant's validation occurs before the agent is added to the verifier, as the verifier does not check that the regcount entry equals 1 [3]. No specific privileges are required beyond the ability to register an agent.
Impact
A successful attack breaks the entire chain of trust, as the verifier uses an AK that was not properly validated. This allows untrusted software to be measured as trusted, potentially leading to unauthorized access or data compromise. The integrity monitoring and secret provisioning relying on attested integrity measurements are undermined [3].
Mitigation
The issue is fixed in commit bd5de712acdd77860e7dc58969181e16c7a8dc5d [4]. Users should update to a version that includes this fix. If immediate update is not possible, manual review of registrar data consistency may be considered, but no official workaround is documented. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog as of this writing.
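The following is an added example, not Keylime's code: a toy model of the flaw described above and of the fix in commit bd5de712acdd, where the AK travels with the tenant's request to the verifier instead of being re-fetched from the registrar. The registrar is a plain dict, the EK check is a set lookup, all key strings are constructed, and `registrar_consistent` is an extra defender check implied by the description (regcount == 1, record unchanged since validation) rather than something the commit implements.

```python
# Added example (not Keylime's code): toy model of the CVE-2022-1053 flaw and of the fix
# in commit bd5de712acdd (the AK travels with the tenant's request instead of being
# re-fetched from the registrar). All identifiers and key values here are constructed.

GENUINE_EKS = {"ek-hardware-0001"}  # constructed stand-in for EK certificate validation


def register(registrar, agent_id, ek_tpm, aik_tpm):
    """Toy registrar write: re-registering an agent overwrites its record and bumps regcount."""
    prev = registrar.get(agent_id)
    regcount = prev["regcount"] + 1 if prev else 1
    registrar[agent_id] = {"ek_tpm": ek_tpm, "aik_tpm": aik_tpm, "regcount": regcount}

def tenant_validate(registrar, agent_id):
    """Tenant step: check the EK is genuine and keep a snapshot of the validated record."""
    data = registrar.get(agent_id)
    if data is None or data["ek_tpm"] not in GENUINE_EKS:
        return None
    return dict(data)

def verifier_ak_vulnerable(registrar, agent_id):
    """Pre-fix verifier: re-fetches the AK from the registrar without comparing it with the
    AK the tenant validated."""
    data = registrar.get(agent_id)
    return data["aik_tpm"] if data else None

def verifier_ak_fixed(validated):
    """Post-fix verifier: uses the AK carried in the tenant's request, i.e. the validated one."""
    return None if validated is None else validated["aik_tpm"]

def registrar_consistent(validated, registrar, agent_id):
    """Extra check implied by the description, not part of the commit: the registrar record
    must still match the validated snapshot and its regcount must be 1."""
    current = registrar.get(agent_id)
    return (validated is not None and current is not None
            and current["regcount"] == 1 and current["aik_tpm"] == validated["aik_tpm"])

def scenario():
    """Agent record replaced between tenant validation and verifier enrolment."""
    registrar = {}
    register(registrar, "agent-1", "ek-hardware-0001", "ak-hardware")  # real TPM passes EK check
    validated = tenant_validate(registrar, "agent-1")
    register(registrar, "agent-1", "ek-software", "ak-software")  # record replaced, regcount 2
    return {"vulnerable": verifier_ak_vulnerable(registrar, "agent-1"),
            "fixed": verifier_ak_fixed(validated),
            "consistent": registrar_consistent(validated, registrar, "agent-1")}
```

In the scenario the pre-fix verifier ends up with the unvalidated software-TPM AK, the post-fix verifier keeps the hardware AK the tenant validated, and the consistency check flags the re-registration.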
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| keylime (PyPI) | < 6.4.0 | 6.4.0 |
Affected products
- Keylime/Keylime (GHSA coordinates, 3 versions): pkg:pypi/keylime, pkg:rpm/opensuse/keylime&distro=openSUSE%20Leap%2015.4, pkg:rpm/suse/keylime&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4
- pkg:pypi/keylime (no CPE): range < 6.4.0
- pkg:rpm/opensuse/keylime, openSUSE Leap 15.4 (no CPE): range < 6.3.2-150400.4.11.1
- pkg:rpm/suse/keylime, SUSE Linux Enterprise Module for Basesystem 15 SP4 (no CPE): range < 6.3.2-150400.4.11.1
Patches
bd5de712acdd: tenant, verifier: let the tenant provide the AK and mTLS certificate
2 files changed · +6 −17
keylime/cloud_verifier_tornado.py+4 −17 modified@@ -19,7 +19,6 @@ from keylime import config from keylime import json -from keylime import registrar_client from keylime.agentstates import AgentAttestStates from keylime.common import states, validators, retry from keylime.db.verifier_db import VerfierMain @@ -444,6 +443,8 @@ def post(self): agent_data['accept_tpm_encryption_algs'] = json_body['accept_tpm_encryption_algs'] agent_data['accept_tpm_signing_algs'] = json_body['accept_tpm_signing_algs'] agent_data['supported_version'] = json_body['supported_version'] + agent_data['ak_tpm'] = json_body['ak_tpm'] + agent_data['mtls_cert'] = json_body.get('mtls_cert', None) agent_data['hash_alg'] = "" agent_data['enc_alg'] = "" agent_data['sign_alg'] = "" @@ -457,22 +458,8 @@ def post(self): agent_data['verifier_ip'] = config.get('cloud_verifier', 'cloudverifier_ip') agent_data['verifier_port'] = config.get('cloud_verifier', 'cloudverifier_port') - # We fetch the registrar data directly here because we require it for connecting to the agent - # using mTLS - registrar_client.init_client_tls('cloud_verifier') - registrar_data = registrar_client.getData(config.get("cloud_verifier", "registrar_ip"), - config.get("cloud_verifier", "registrar_port"), agent_id) - if registrar_data is None: - web_util.echo_json_response(self, 400, - f"Data for agent {agent_id} could not be found in registrar!") - logger.warning("Data for agent %s could not be found in registrar!", agent_id) - return - - agent_data['mtls_cert'] = registrar_data.get('mtls_cert', None) - agent_data['ak_tpm'] = registrar_data['aik_tpm'] - # TODO: Always error for v1.0 version after initial upgrade - if registrar_data.get('mtls_cert', None) is None and agent_data['supported_version'] != "1.0": + if agent_data['mtls_cert'] is None and agent_data['supported_version'] != "1.0": web_util.echo_json_response(self, 400, "mTLS certificate for agent is required!") return 
@@ -510,7 +497,7 @@ def post(self): # Prepare SSLContext for mTLS connections agent_mtls_cert_enabled = config.getboolean('cloud_verifier', 'agent_mtls_cert_enabled', fallback=False) - mtls_cert = registrar_data.get('mtls_cert', None) + mtls_cert = agent_data['mtls_cert'] agent_data['ssl_context'] = None if agent_mtls_cert_enabled and mtls_cert: agent_data['ssl_context'] = web_util.generate_agent_mtls_context(mtls_cert, self.mtls_options)
keylime/tenant.py+2 −0 modified@@ -631,6 +631,8 @@ def do_cv(self): 'accept_tpm_hash_algs': self.accept_tpm_hash_algs, 'accept_tpm_encryption_algs': self.accept_tpm_encryption_algs, 'accept_tpm_signing_algs': self.accept_tpm_signing_algs, + 'ak_tpm': self.registrar_data['aik_tpm'], + 'mtls_cert': self.registrar_data.get('mtls_cert', None), 'supported_version': self.supported_version, } json_message = json.dumps(data)
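Review bot: in the cloud_verifier_tornado.py hunk at @@ -444, `agent_data['ak_tpm'] = json_body['ak_tpm']` subscripts the request body directly, so a tenant that does not send `ak_tpm` (for example one running the previous release) causes an unhandled KeyError instead of a clean 400, unlike the neighbouring `json_body.get('mtls_cert', None)`. Suggest `agent_data['ak_tpm'] = json_body.get('ak_tpm')` followed by an explicit `web_util.echo_json_response(self, 400, "AK for agent is required!")` when it is missing, and a well-formedness check on the value before it is stored, since the verifier now has no other source for this key.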
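Review bot: the cloud_verifier_tornado.py hunk at @@ -457 makes the tenant's request the sole source of the AK and mTLS certificate, so the verifier now relies on the tenant having validated that AK against the EK and identity quote before calling `do_cv`; that trust boundary should be stated in a comment where `agent_data['mtls_cert']` is checked, and the removed `# TODO: Always error for v1.0 version after initial upgrade` note should be carried over to the surviving `if agent_data['mtls_cert'] is None and agent_data['supported_version'] != "1.0":` line rather than dropped.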
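Review bot: in the tenant.py hunk, `'ak_tpm': self.registrar_data['aik_tpm']` only closes the gap if `self.registrar_data` is the same object the tenant used for EK and identity-quote validation and is not refreshed from the registrar between that validation and `do_cv`; a short comment above the dict stating this invariant, and a check that the referenced record still has `regcount == 1` (the condition the description says the verifier never enforced), would make the fix robust against a re-registration in that window.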
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/advisories/GHSA-jf66-3q76-h5p5 (GHSA, advisory)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A7WAKVXM7L5D2DUACV6EHA6EJNAX2GVL/ (MITRE, vendor advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RF6QHU4UGSBATC3HOOE7OP66CYVTR7CV/ (MITRE, vendor advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WEW2PAXO5YGLDLPG45YV2OPLJXJSCECQ/ (MITRE, vendor advisory, x_refsource_FEDORA)
- nvd.nist.gov/vuln/detail/CVE-2022-1053 (GHSA, advisory)
- bugzilla.redhat.com/show_bug.cgi (GHSA, web)
- bugzilla.redhat.com/show_bug.cgi (MITRE, x_refsource_MISC)
- github.com/keylime/keylime/commit/bd5de712acdd77860e7dc58969181e16c7a8dc5d (GHSA, x_refsource_MISC, web)
- github.com/keylime/keylime/security/advisories/GHSA-jf66-3q76-h5p5 (GHSA, web)
- github.com/keylime/keylime/security/advisories/GHSA-jf66-3q76-h5p5%2C (MITRE, x_refsource_MISC)
- github.com/pypa/advisory-database/tree/main/vulns/keylime/PYSEC-2022-184.yaml (GHSA, web)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A7WAKVXM7L5D2DUACV6EHA6EJNAX2GVL (GHSA, web)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RF6QHU4UGSBATC3HOOE7OP66CYVTR7CV (GHSA, web)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEW2PAXO5YGLDLPG45YV2OPLJXJSCECQ (GHSA, web)