CVE-2026-6420

Published: Mag 06, 2026 Last Modified: Mag 06, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,3

Source: [email protected]

Attack Vector: local

Attack Complexity: low

Privileges Required: high

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: low

Description

AI Translation Available

A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module (TPM) quote attestation instead of a cryptographically random value. This allows the attacker to stockpile valid TPM quotes and replay them to evade detection after compromising the system. This issue affects only the push model deployment.

1241

Use of Predictable Algorithm in Random Number Generator

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality

Potential Impacts:

Read Application Data

Applicable Platforms

Technologies: System on Chip

View CWE Details

https://access.redhat.com/security/cve/CVE-2026-6420

https://bugzilla.redhat.com/show_bug.cgi?id=2458889

CVE-2026-6420

Description

Use of Predictable Algorithm in Random Number Generator

Common Consequences

Applicable Platforms

Iscriviti alla newsletter