Headline
CVE-2023-1672: cve-details
A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host.
Red Hat Product Security Center
Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.
Product Security Center
Related news
Ubuntu Security Notice USN-6489-1
Ubuntu Security Notice 6489-1 - Brian McDermott discovered that Tang incorrectly handled permissions when creating/rotating keys. A local attacker could possibly use this issue to read the keys.