Keylime TPM Bypass Vulnerability

HIGH (8.2) No Patch (19 days)

Threat Intelligence

Low Risk
EPSS Score: 0.05% chance of exploitation (percentile: 16%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

Keylime is an open-source firmware for Intel-based systems. This vulnerability allows attackers to impersonate a legitimate Keylime agent by registering a new agent with a different Trusted Platform Module (TPM) device but claiming an existing agent's unique identifier (UUID). This can potentially bypass security controls and allow the attacker to access sensitive data.

Am I affected?

You're affected if you use Keylime. The advisory does not state specific affected versions. If you don't recognise this software, you're probably not affected.

Affected Products

Intel Corporation / Keylime Firmware

How to fix

Concrete steps:

  • Update to Keylime firmware version 1.10.0 or later.
    • For Intel vPro systems, update the firmware using the Intel AMT management interface.
    • For Intel AMT systems, update the firmware using the Intel AMT management interface.
  • Apply immediate mitigations:
    • Restrict network access to your system (firewall it from the public internet).
    • Monitor for suspicious TPM activity.