
Critical Security Bypass in Fedora Keylime Affects Multiple Versions

Severity: High (Score: 70.5)

Sources: Linuxsecurity

Published: 2026-06-07 · Updated: 2026-06-07

Keywords: keylime, update, fedora, security, cve-2026, updating, release

Severity indicators: critical, critical security

Summary

Fedora has released Keylime 7.14.2 for Fedora 43 and 44 to address CVE-2026-6420, a security bypass caused by a hardcoded TPM quote nonce. The nonce is what ties a TPM quote to one specific attestation challenge; with a fixed nonce, a quote recorded earlier can pass verification again, so the flaw undermines the platform integrity guarantees Keylime is deployed to provide. The vulnerability was published on May 6, 2026. The same package update raises the keylime-selinux policy to version 44.1.0. Users are advised to upgrade to Keylime 7.14.2 using the 'dnf' package manager. As of June 7, 2026, no active exploitation has been reported, but the nature of the flaw warrants prompt attention from system administrators.

Key Points:

  • CVE-2026-6420 is a critical security bypass affecting the Keylime packages in Fedora 43 and 44.
  • The vulnerability is due to a hardcoded TPM quote nonce, which removes the freshness check that makes a quote trustworthy.
  • Users are urged to update to Keylime 7.14.2 immediately; the update also carries keylime-selinux policy version 44.1.0.
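The following model shows why a hardcoded quote nonce is a bypass, as described in the Summary and in the Technical Details below. It is an added example and not Keylime's code: the TPM attestation-key signature is stood in for by an HMAC over (PCR values, nonce), the golden PCR values are hypothetical, and the two nonce policies are the flawed pattern (same challenge every time) beside the correct one (unpredictable per-request challenge). In a real TPM2_Quote the verifier's nonce travels as the qualifying data and comes back in the signed attestation structure's extraData field, which is what the verifier must compare against the challenge it issued.

```python
"""Why a fixed TPM quote nonce defeats attestation: a constructed model.

Added example, not Keylime's code. An HMAC stands in for the TPM's
attestation-key signature; PCR values and the key are constructed.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed stand-in for the attestation key: only the "TPM" knows it.
_TPM_AK_SECRET = b"constructed-attestation-key-secret"

# Hypothetical golden PCR values the verifier expects.
GOLDEN_PCRS = {0: "a1b2", 7: "c3d4"}


@dataclass(frozen=True)
class Quote:
    pcrs: tuple      # sorted ((index, value), ...) as reported by the "TPM"
    nonce: bytes     # the challenge this quote answers (extraData in a real quote)
    sig: bytes       # stand-in for the attestation-key signature


def _attest_message(pcrs: tuple, nonce: bytes) -> bytes:
    return repr(pcrs).encode() + b"|" + nonce


def tpm_quote(pcrs: dict, nonce: bytes) -> Quote:
    """Model of TPM2_Quote: sign the current PCRs together with the nonce."""
    items = tuple(sorted(pcrs.items()))
    sig = hmac.new(_TPM_AK_SECRET, _attest_message(items, nonce), hashlib.sha256).digest()
    return Quote(items, nonce, sig)


def signature_ok(q: Quote) -> bool:
    expected = hmac.new(_TPM_AK_SECRET, _attest_message(q.pcrs, q.nonce), hashlib.sha256).digest()
    return hmac.compare_digest(expected, q.sig)


def verify_quote(q: Quote, issued_nonce: bytes, golden: dict) -> bool:
    """Verifier side: signature valid, nonce matches THIS challenge, PCRs golden."""
    return (signature_ok(q)
            and hmac.compare_digest(q.nonce, issued_nonce)
            and dict(q.pcrs) == golden)


def fixed_nonce() -> bytes:
    """The flawed pattern: the verifier sends the same challenge every time."""
    return b"\x00" * 20


def fresh_nonce() -> bytes:
    """The correct pattern: an unpredictable challenge per attestation request."""
    return secrets.token_bytes(20)


def attestation_rounds(make_nonce) -> dict:
    """Two attestation rounds with a tampering step in between.

    Round 1: the agent is in a good state and answers challenge n1; the
    attacker records that quote. The platform is then altered (PCR 7 changes).
    Round 2: the verifier issues challenge n2. A fresh quote would reveal the
    change, so the attacker replays the recorded quote instead.
    """
    n1 = make_nonce()
    recorded = tpm_quote(GOLDEN_PCRS, n1)

    tampered = {**GOLDEN_PCRS, 7: "dead"}   # PCR 7 no longer matches golden
    n2 = make_nonce()

    return {
        "good_state_accepted": verify_quote(recorded, n1, GOLDEN_PCRS),
        "tampered_fresh_quote_accepted": verify_quote(tpm_quote(tampered, n2), n2, GOLDEN_PCRS),
        "replayed_quote_accepted": verify_quote(recorded, n2, GOLDEN_PCRS),
    }


if __name__ == "__main__":
    for name, policy in (("fixed nonce", fixed_nonce), ("fresh nonce", fresh_nonce)):
        print(name, attestation_rounds(policy))
```

With the fixed nonce the replayed quote is accepted: its signature is valid, its PCRs are golden, and its nonce equals the current challenge because the challenge never changes. With a fresh nonce the same replay fails on the nonce comparison alone, which is the property the fix restores.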

Detailed Analysis

**Impact**

Multiple Fedora versions, including Fedora 43 and 44, are affected by a critical security bypass in Keylime. Keylime provides TPM-based remote attestation, so the flaw undermines platform integrity verification for systems that rely on it, across cloud, enterprise and government deployments of Fedora alike. The sources give no breach counts or geographic details.

**Technical Details**

The vulnerability, tracked as CVE-2026-6420, is a security bypass caused by a hardcoded TPM quote nonce in Keylime. In a TPM quote the nonce (the qualifying data the verifier supplies) binds the signed PCR digest to one specific challenge; it is the only thing that distinguishes a quote produced in response to the current request from one recorded earlier. With the nonce hardcoded, that freshness check is void: a quote captured while the platform was in a known-good state remains acceptable to the verifier after the platform has been altered, so TPM-based attestation can be circumvented. The fix ships in Keylime 7.14.2; the earlier Fedora 43 and 44 packages are affected, and the same update raises the keylime-selinux policy to 44.1.0. The sources do not identify the affected code path, and no malware, attack infrastructure or additional TTPs are described.

**Recommended Response**

Apply the Keylime 7.14.2 update immediately; it includes the fix for CVE-2026-6420 and updates the keylime-selinux policy to version 44.1.0. With the Fedora "dnf" package manager the update can be selected by advisory ID (FEDORA-2026-513c495139 for Fedora 43, FEDORA-2026-9064cdf8ef for Fedora 44). Monitor for unusual TPM attestation failures or anomalies in platform integrity verification, bearing in mind that a replayed quote presents to an unpatched verifier as a successful attestation, so the absence of failures before the update is not by itself evidence that attested hosts were untampered.
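The patch-state check a practitioner would run across a fleet after reading the Recommended Response above, as an added example that is not part of the advisory or of Keylime. The fixed versions and advisory IDs are the ones this page names; the rpm output is a constructed sample of `rpm -q --qf '%{NAME} %{VERSION} %{RELEASE}\n' keylime keylime-selinux`, and the `--advisories` filter used in the generated dnf command is the one dnf4 and dnf5 both accept for restricting an upgrade to a named advisory.

```python
"""Check whether a host's Keylime packages carry the fix for CVE-2026-6420.

Added example, not part of the Fedora advisory or of Keylime. Fixed versions
and advisory IDs come from the advisory text; the rpm output is constructed.
"""
import re

# Package versions the advisory names as carrying the fix.
FIXED_VERSIONS = {"keylime": "7.14.2", "keylime-selinux": "44.1.0"}

# Advisory IDs named on the page, keyed by Fedora release.
ADVISORIES = {43: "FEDORA-2026-513c495139", 44: "FEDORA-2026-9064cdf8ef"}

# Constructed sample of:
#   rpm -q --qf '%{NAME} %{VERSION} %{RELEASE}\n' keylime keylime-selinux
SAMPLE_RPM_OUTPUT = """\
keylime 7.12.1 3.fc44
keylime-selinux 44.0.0 1.fc44
"""

_VERSION_RE = re.compile(r"^\d+(\.\d+)*$")


def parse_version(v: str) -> tuple:
    """'7.14.2' -> (7, 14, 2). Tuples compare component-wise, so 7.14.10 > 7.14.2,
    which a plain string comparison would get wrong."""
    if not _VERSION_RE.match(v):
        raise ValueError(f"unsupported version string: {v!r}")
    return tuple(int(part) for part in v.split("."))


def parse_rpm_output(text: str) -> dict:
    """Map package name -> VERSION from the rpm query above.

    RELEASE is ignored because the advisory identifies the fix by VERSION.
    """
    installed = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2:
            installed[parts[0]] = parts[1]
    return installed


def unpatched(installed: dict, fixed: dict = FIXED_VERSIONS) -> list:
    """Return (name, installed_version, required_version) for every package that
    is installed but older than the fixed version. Packages not installed at
    all are not findings: a host without keylime is not exposed through it."""
    findings = []
    for name, required in fixed.items():
        have = installed.get(name)
        if have is not None and parse_version(have) < parse_version(required):
            findings.append((name, have, required))
    return findings


def remediation_command(fedora_release: int) -> str:
    """dnf invocation that applies exactly the advisory for this Fedora release."""
    try:
        return f"dnf upgrade --advisories={ADVISORIES[fedora_release]}"
    except KeyError:
        raise ValueError(f"no advisory on this page for Fedora {fedora_release}") from None


if __name__ == "__main__":
    for name, have, need in unpatched(parse_rpm_output(SAMPLE_RPM_OUTPUT)):
        print(f"{name}: installed {have}, fixed in {need}")
    print(remediation_command(44))
```

Feed the real query output into `parse_rpm_output` instead of the sample; an empty result from `unpatched` means both packages are at or above the versions the advisory names. Release-tag and epoch handling are deliberately left out, since the advisory text gives only VERSION values.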

Source articles (2)

  • Fedora 44 Keylime Major Security Update Addresses CVE-2026 — Linuxsecurity · 2026-06-07
    Updating for Keylime release v7.14.2: This includes the fix for CVE-2026-6420. Update keylime-selinux policy to the latest version 44.1.0 * Wed May 27 2026 Anderson Toshiyuki Sasaki - 7.14.2-1 - Updat…
  • Fedora 43 Keylime Critical Security Bypass CVE-2026 — Linuxsecurity · 2026-06-07
    Updating for Keylime release v7.14.2: This includes the fix for CVE-2026-6420. Update keylime-selinux policy to the latest version 44.1.0 * Wed May 27 2026 Anderson Toshiyuki Sasaki - 7.14.2-1 - Updat…

Timeline

  • 2026-05-06 — CVE-2026-6420 published: a security bypass in Keylime caused by a hardcoded TPM quote nonce.
  • 2026-05-27 — Keylime 7.14.2 packaged for Fedora: the keylime-7.14.2-1 changelog entry (Anderson Toshiyuki Sasaki) records the fix for CVE-2026-6420 and the keylime-selinux policy update to 44.1.0.
  • 2026-06-07 — Security advisories published: FEDORA-2026-513c495139 (Fedora 43) and FEDORA-2026-9064cdf8ef (Fedora 44) urge users to upgrade to Keylime 7.14.2 to address CVE-2026-6420.

CVEs

  • CVE-2026-6420

Related entities

  • Zero-day Exploit (Attack Type)
  • CWE-287 - Improper Authentication (Cwe)
  • CWE-798 - Use of Hard-coded Credentials (Cwe)