CVE-2021-3406
9.8 CRITICALA flaw was found in keylime 5.8.1 and older
Published: 2021-02-25 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 9.8 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-295, CWE-347
Affected products
| Vendor | Product |
|---|---|
| fedoraproject | fedora, keylime |
| keylime | fedora, keylime |
Description
A flaw was found in keylime 5.8.1 and older. The issue in the Keylime agent and registrar code invalidates the cryptographic chain of trust from the Endorsement Key certificate to agent attestations.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-3406
- [Other]https://bugzilla.redhat.com/show_bug.cgi?id=1932469
- [Other]https://github.com/keylime/keylime/security/advisories/GHSA-78f8-6c68-375m
- [Other]https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YAWKEF2LVXUME266T6RNRVBGAD375QAT/
- [Other]https://bugzilla.redhat.com/show_bug.cgi?id=1932469
- [Other]https://github.com/keylime/keylime/security/advisories/GHSA-78f8-6c68-375m
- [Other]https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YAWKEF2LVXUME266T6RNRVBGAD375QAT/
Related CVEs
Same vendor
- CVE-2024-28960 — An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto (8.2 HIGH)
- CVE-2023-51767 — OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer ... (7.0 HIGH)
- CVE-2023-43615 — Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow (7.5 HIGH)
- CVE-2023-25136 — OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling (6.5 MEDIUM)
- CVE-2022-46393 — An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0 (9.8 CRITICAL)
Same CWE
- CVE-2025-71261 — An attacker with network-level access between the SUSE Virtualization and Rancher Manager in SUSE Harvester before 1.8.0 could interfere... (8.6 HIGH)
- CVE-2026-9259 — Improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier (6.5 MEDIUM)
- CVE-2026-9258 — Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier (6.5 MEDIUM)
- CVE-2026-42743 — Unauthenticated Broken Authentication in Masteriyo - LMS <= 2.1.8 versions (6.5 MEDIUM)
- CVE-2026-45388 — In OCaml-TLS before 2.1.0, the client implementation does insufficient checks of the certificate provided by the server, which allows imp... (9.1 CRITICAL)