Red Hat Security Advisory: keylime security update
A security vulnerability (CVE-2026-6420) was identified in Keylime, a TPM-based remote boot attestation and runtime integrity measurement solution. The issue involves a security bypass caused by a hardcoded TPM quote nonce. Red Hat has issued a security advisory (RHSA-2026:28582) addressing this vulnerability with an update for Red Hat Enterprise Linux 10. The update is rated as having a moderate security impact. No CVSS score is provided for this vulnerability.
AI Analysis
Technical Summary
CVE-2026-6420 affects Keylime by allowing a security bypass due to the use of a hardcoded TPM quote nonce. This nonce is intended to ensure freshness and prevent replay attacks during TPM quote verification. Hardcoding it undermines the security guarantees of the attestation process. Red Hat has released an update for Keylime in Red Hat Enterprise Linux 10 to fix this issue, as detailed in advisory RHSA-2026:28582.
Potential Impact
The vulnerability allows an attacker to bypass security controls in Keylime's TPM attestation process by exploiting the hardcoded nonce, potentially compromising the integrity verification of remote boot and runtime measurements. This could reduce the trustworthiness of the attestation mechanism, impacting systems relying on Keylime for security assurance.
Mitigation Recommendations
Red Hat has released an official security update for Keylime in Red Hat Enterprise Linux 10 to address this vulnerability. Users should apply the update as described in Red Hat advisory RHSA-2026:28582 and the referenced article https://access.redhat.com/articles/11258. No additional mitigation steps are indicated beyond applying the vendor-provided fix.
Red Hat Security Advisory: keylime security update
Description
A security vulnerability (CVE-2026-6420) was identified in Keylime, a TPM-based remote boot attestation and runtime integrity measurement solution. The issue involves a security bypass caused by a hardcoded TPM quote nonce. Red Hat has issued a security advisory (RHSA-2026:28582) addressing this vulnerability with an update for Red Hat Enterprise Linux 10. The update is rated as having a moderate security impact. No CVSS score is provided for this vulnerability.
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-6420 affects Keylime by allowing a security bypass due to the use of a hardcoded TPM quote nonce. This nonce is intended to ensure freshness and prevent replay attacks during TPM quote verification. Hardcoding it undermines the security guarantees of the attestation process. Red Hat has released an update for Keylime in Red Hat Enterprise Linux 10 to fix this issue, as detailed in advisory RHSA-2026:28582.
Potential Impact
The vulnerability allows an attacker to bypass security controls in Keylime's TPM attestation process by exploiting the hardcoded nonce, potentially compromising the integrity verification of remote boot and runtime measurements. This could reduce the trustworthiness of the attestation mechanism, impacting systems relying on Keylime for security assurance.
Mitigation Recommendations
Red Hat has released an official security update for Keylime in Red Hat Enterprise Linux 10 to address this vulnerability. Users should apply the update as described in Red Hat advisory RHSA-2026:28582 and the referenced article https://access.redhat.com/articles/11258. No additional mitigation steps are indicated beyond applying the vendor-provided fix.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:28582
- Cve Count
- 1
- Additional Cves
- []
- Cvss Version
- null
Threat ID: 6a3c0ceeeed863c81e2383ed
Added to database: 06/24/2026, 16:59:26 UTC
Last enriched: 06/24/2026, 17:02:08 UTC
Last updated: 06/24/2026, 19:03:31 UTC
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.