CVE-2026-45871

A flaw was found in the Linux kernel's Trusted Platform Module TPM subsystem. When the getburstcount function encounters an error, the st33zp24 driver fails to release a previously acquired resource. This oversight can lead to resource exhaustion, potentially allowing a local attacker to cause a...

CVE-2026-45871

In the Linux kernel vulnerability CVE-2026-45871, the issue is in TPM st33zp24 handling within get_burstcount(). On a timeout, get_burstcount() may return -EBUSY, causing st33zp24_send() to return without releasing the previously acquired locality. The fix adds proper cleanup using a goto out_err...

CVE-2026-45871

tpm: st33zp24: Fix missing cleanup on getburstcount error...

PT-2026-43738

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the TPM st33zp24 driver where the get burstcount function can return -EBUSY upon a timeout. In such instances, the st33zp24 send function returns immediately without...

Linux Distros Unpatched Vulnerability : CVE-2026-45871

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tpm: st33zp24: Fix missing cleanup on getburstcount error getburstcount can return -EBUSY on timeout. When this happens, st33zp24send returns directly without...