High severityNVD Advisory· Published Nov 22, 2022· Updated Apr 29, 2025
CVE-2022-3500
CVE-2022-3500
Description
A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in an attested state but not verifying that anymore.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
keylimePyPI | < 6.5.1 | 6.5.1 |
Affected products
11- ghsa-coords10 versionspkg:pypi/keylimepkg:rpm/almalinux/keylimepkg:rpm/almalinux/keylime-basepkg:rpm/almalinux/keylime-registrarpkg:rpm/almalinux/keylime-selinuxpkg:rpm/almalinux/keylime-tenantpkg:rpm/almalinux/keylime-verifierpkg:rpm/almalinux/python3-keylimepkg:rpm/opensuse/keylime&distro=openSUSE%20Leap%2015.4pkg:rpm/suse/keylime&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4
< 6.5.1+ 9 more
- (no CPE)range: < 6.5.1
- (no CPE)range: < 6.5.1-1.el9_1
- (no CPE)range: < 6.5.1-1.el9_1
- (no CPE)range: < 6.5.1-1.el9_1
- (no CPE)range: < 6.5.1-1.el9_1
- (no CPE)range: < 6.5.1-1.el9_1
- (no CPE)range: < 6.5.1-1.el9_1
- (no CPE)range: < 6.5.1-1.el9_1
- (no CPE)range: < 6.3.2-150400.4.14.1
- (no CPE)range: < 6.3.2-150400.4.14.1
Patches
Vulnerability mechanics
References
16- github.com/advisories/GHSA-hff2-x2j9-gxgvghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PUTHMDVFNGGVPCNPOGULMJAAFEP7MEXP/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QX4XVCAUFGJ2I2NCTOKONTJGRJB2NBBT/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQH5CJRX65QYMQN5WGUKKKE3IRJBWG5Z/mitrevendor-advisory
- nvd.nist.gov/vuln/detail/CVE-2022-3500ghsaADVISORY
- access.redhat.com/security/cve/CVE-2022-3500ghsaWEB
- github.com/keylime/keylime/commit/f969d397f92962b553f8c5bcbbeeb3bbdeca9456ghsaWEB
- github.com/keylime/keylime/pull/1128ghsaWEB
- github.com/keylime/keylime/security/advisories/GHSA-hff2-x2j9-gxgvghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/keylime/PYSEC-2022-42995.yamlghsaWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PUTHMDVFNGGVPCNPOGULMJAAFEP7MEXPghsaWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QX4XVCAUFGJ2I2NCTOKONTJGRJB2NBBTghsaWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQH5CJRX65QYMQN5WGUKKKE3IRJBWG5ZghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUTHMDVFNGGVPCNPOGULMJAAFEP7MEXPghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QX4XVCAUFGJ2I2NCTOKONTJGRJB2NBBTghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQH5CJRX65QYMQN5WGUKKKE3IRJBWG5ZghsaWEB
News mentions
0No linked articles in our index yet.