Description

A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module (TPM) quote attestation instead of a cryptographically random value. This allows the attacker to stockpile valid TPM quotes and replay them to evade detection after compromising the system. This issue affects only the push model deployment.

INFO

Published Date :

2026-05-06T10:19:39.121Z

Last Modified :

2026-05-06T15:24:21.052Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2026-6420 vulnerability.

Vendors Products
Redhat
  • Enterprise Linux
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-6420.

URL Resource
https://access.redhat.com/security/cve/CVE-2026-6420 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2458889 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-6420 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-6420 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact