CVE-2024-49851
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
tpm: Clean up TPM space after command failure
tpm_dev_transmit prepares the TPM space before attempting command transmission. However if the command fails no rollback of this preparation is done. This can result in transient handles being leaked if the device is subsequently closed with no further commands performed.
Fix this by flushing the space in the event of command transmission failure.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 745b361e989af21ad40811c2586b60229f870a68 < 87e8134c18977b566f4ec248c8a147244da69402 | affected |
| Linux | Linux | 745b361e989af21ad40811c2586b60229f870a68 < 2c9b228938e9266a1065a3f4fe5c99b7235dc439 | affected |
| Linux | Linux | 745b361e989af21ad40811c2586b60229f870a68 < ebc4e1f4492d114f9693950621b3ea42b2f82bec | affected |
| Linux | Linux | 745b361e989af21ad40811c2586b60229f870a68 < c84ceb546f30432fccea4891163f7050f5bee5dd | affected |
| Linux | Linux | 745b361e989af21ad40811c2586b60229f870a68 < 82478cb8a23bd4f97935bbe60d64528c6d9918b4 | affected |
| Linux | Linux | 745b361e989af21ad40811c2586b60229f870a68 < adf4ce162561222338cf2c9a2caa294527f7f721 | affected |
| Linux | Linux | 745b361e989af21ad40811c2586b60229f870a68 < 3f9f72d843c92fb6f4ff7460d774413cde7f254c | affected |
| Linux | Linux | 745b361e989af21ad40811c2586b60229f870a68 < e3aaebcbb7c6b403416f442d1de70d437ce313a7 | affected |
| Linux | Linux | 4.12 | affected |
| Linux | Linux | 0 < 4.12 | unaffected |
| Linux | Linux | 5.4.285 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.227 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.168 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.113 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.54 <= 6.6.* | unaffected |
| Linux | Linux | 6.10.13 <= 6.10.* | unaffected |
| Linux | Linux | 6.11.2 <= 6.11.* | unaffected |
| Linux | Linux | 6.12 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
Additional References
- https://cert-portal.siemens.com/productcert/html/ssa-265688.html
- https://cert-portal.siemens.com/productcert/html/ssa-355557.html
References
- https://git.kernel.org/stable/c/87e8134c18977b566f4ec248c8a147244da69402
- https://git.kernel.org/stable/c/2c9b228938e9266a1065a3f4fe5c99b7235dc439
- https://git.kernel.org/stable/c/ebc4e1f4492d114f9693950621b3ea42b2f82bec
- https://git.kernel.org/stable/c/c84ceb546f30432fccea4891163f7050f5bee5dd
- https://git.kernel.org/stable/c/82478cb8a23bd4f97935bbe60d64528c6d9918b4
- https://git.kernel.org/stable/c/adf4ce162561222338cf2c9a2caa294527f7f721
- https://git.kernel.org/stable/c/3f9f72d843c92fb6f4ff7460d774413cde7f254c
- https://git.kernel.org/stable/c/e3aaebcbb7c6b403416f442d1de70d437ce313a7
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.