CVE-2024-49851

...

SUSE CVE-2022-48997

In the Linux kernel, the following vulnerability has been resolved: char: tpm: Protect tpmpmsuspend with locks Currently tpm transactions are executed unconditionally in tpmpmsuspend function, which may lead to races with other tpm accessors in the system. Specifically, the hwrandom tpm driver...

SUSE CVE-2024-49851

In the Linux kernel, the following vulnerability has been resolved: tpm: Clean up TPM space after command failure tpmdevtransmit prepares the TPM space before attempting command transmission. However if the command fails no rollback of this preparation is done. This can result in transient handle...

AZL-50725 CVE-2024-49851 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: tpm: Clean up TPM space after command failure tpmdevtransmit prepares the TPM space before attempting command transmission. However if the command fails no rollback of this preparation is done. This can result in transient handle...

UBUNTU-CVE-2024-49851

In the Linux kernel, the following vulnerability has been resolved: tpm: Clean up TPM space after command failure tpmdevtransmit prepares the TPM space before attempting command transmission. However if the command fails no rollback of this preparation is done. This can result in transient handle...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the failure of the tpm driver to clean up TPM space after a command failure...

The vulnerability of the tpm_buf_check_hmac_response() function in the Linux operating system’s TPM kernel allows a hacker to induce a service failure.

The vulnerability of the tpmbufcheckhmacresponse function in the drivers/char/tpm/tpm2-sessions.c file of the Trusted Platform Module TPM driver for the Linux operating system is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to trigger a servic...

CVE-2024-29040

...

OESA-2024-2082 tpm2-tools security update

The package contains the code for the TPM Trusted Platform Module 2.0 tools based on tpm2-tss. Security Fixes: tpm2-tools is the source repository for the Trusted Platform Module TPM2.0 tools. A malicious attacker can generate arbitrary quote data which is not detected by tpm2 checkquote. This...

OESA-2024-2081 tpm2-tools security update

The package contains the code for the TPM Trusted Platform Module 2.0 tools based on tpm2-tss. Security Fixes: tpm2-tools is the source repository for the Trusted Platform Module TPM2.0 tools. A malicious attacker can generate arbitrary quote data which is not detected by tpm2 checkquote. This...

ROS-20240819-01

Vulnerability of rtl92epcidisconnect function in drivers/staging/rtl8192e/rtl8192e/rtlcore.c module of the RealTek RTL8192E wireless adapter driver of the Linux kernel is related to the reuse of previously freed memory. reuse of previously freed memory. Exploitation of the vulnerability could all...

ROS-20240816-12

Vulnerability of setupdscconfig function in drivers/gpu/drm/amd/display/dc/dsc/dcdsc.c module of driver amdgpu of the Linux operating system kernel is related to a lack of input validation. Exploitation the vulnerability could allow an attacker to cause a denial of service A vulnerability in the...

UBUNTU-CVE-2024-42255

In the Linux kernel, the following vulnerability has been resolved: tpm: Use auth only after NULL check in tpmbufcheckhmacresponse Dereference auth after NULL check in tpmbufcheckhmacresponse. Otherwise, unless tpm2sessionsinit was called, a call can cause NULL dereference, when TCGTPM2HMAC is...

The vulnerability of the tpm2_key_encode() function of the Trusted Platform Module (TPM) in the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the tpm2keyencode function in the security/keys/trusted-keys/trustedtpm2.c file of the Trusted Platform Module TPM subsystem of the Linux kernel is related to improper handling of the asn1encodesequence function’s return code. Exploiting this vulnerability could allow an...

The vulnerability of the tpm_tis_spi_init() function in the Linux operating system’s TPM driver allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the tpmtisspiinit function in the drivers/char/tpm/tpmtisspimain.c file of the Trusted Platform Module TPM driver for the Linux operating system is related to reading memory beyond the allocated buffer. Exploiting this vulnerability could allow an attacker to compromise the...

tpm2-tss: Buffer Overlow in TSS2_RC_Decode

A flaw was found in tpm2-tss, which is an open source software implementation of the Trusted Computing Group TCG Trusted Platform Module TPM 2 Software Stack TSS2. In affected versions, Tss2RCSetHandler and Tss2RCDecode index into the layerhandler with an 8-bit layer number, but the array only ha...

tpm2 does not detect if quote was not generated by TPM

...

Missing check in tpm2_checkquote allows attackers to misrepresent the TPM state

...

PT-2024-6943 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the tpm buf check hmac response function in the Linux kernel's Trusted Platform Module TPM driver. It involves a null pointer dereference when TCG TPM2 HMAC is...

CVE-2024-36477

...