CVE-2026-46096

A flaw was found in the Linux kernel's tpm2-sessions component. The tpm2readpublic function fails to properly destroy a buffer on certain exit paths, leading to a page allocation leak. This resource exhaustion could allow a local attacker to cause a Denial of Service DoS...

CVE-2026-46096

In the Linux kernel, the following vulnerability has been resolved: tpm2-sessions: Fix missing tpmbufdestroy in tpm2readpublic tpm2readpublic calls tpmbufinit but fails to call tpmbufdestroy on two exit paths, leaking a page allocation: 1. When namesize returns an error unrecognized hash algorith...

CVE-2026-46096

The CVE affects the Linux kernel’s tpm2-sessions code, specifically tpm2_read_public(). It leaks a page allocation due to missing tpm_buf_destroy() on two exit paths: (1) when name_size() returns an error, the function returns without destroying the buffer; (2) on the success path, the buffer is ...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: tpm: tpmtis: Added the function acpiputtable to prevent a memory leak. In checkacpitpm2, we obtain the TPM2 table just to ensure that it exists and isn’t used after initialization. Therefore, the acpiputtable function should be...

Astra Linux - уязвимость в tpm2-tss

tpm2-tss is an open-source software implementation of the Trusted Computing Group’s Trusted Platform Module 2 Software Stack TSS2. In versions prior to 4.1.0-rc0, 4.0.1, and 3.2.2-rc1, functions Tss2RCSetHandler and Tss2RCDecode both indexed into layerhandler using an 8-bit layer number. However,...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: tpm2-sessions: Fixed out-of-range indexing in namesize. The namesize field does not have any range checks; it simply indexes using TPMALGID. This could lead to memory corruption in extreme cases. The issue is addressed by only...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak in tpm2keyencode 'scratch' is never freed. Fix this by calling kfree in the success, and in the error case...

Advisory ROSA-SA-2026-3224

software: tpm2-tools 5.5.1 OS: ROSA-CHROME unaffected versions = tpm2-tools-5.5.1-1 affected versions tpm2-tools-5.5.1-1 CVE-ID: CVE-2024-29039 BDU-ID: 2025-16174 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the tpm2 checkquote component of the Trusted Platform Module tpm2-tools repository fo...

Oracle Linux 8 : virt:kvm_utils3 (ELSA-2026-50118)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50118 advisory. - Limit recursion in ri-records CVE-2021-3622 resolves: rhbz1976194 - Bounds check for block exceeding page length CVE-2021-3504 resolves: rhbz1950501...

SUSE-SU-2026:20487-1 Security update for gpg2

This update for gpg2 fixes the following issues: - CVE-2026-24882: stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys bsc1257396. - gpg.fail/filename: GnuPG Accepts Path Separators and Path Traversals in Literal Data "Filename" Field bsc1256389...

SUSE-SU-2026:20444-1 Security update for gpg2

This update for gpg2 fixes the following issues: - CVE-2026-24882: stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys bsc1257396. - gpg.fail/filename: GnuPG Accepts Path Separators and Path Traversals in Literal Data "Filename" Field bsc1256389...

Security update for gpg2

This update for gpg2 fixes the following issues: Security fixes: CVE-2026-24882: Fixed stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys bsc1257396 Fixed GnuPG accepting Path Separators and Path Traversals in Literal Data "Filename" Field bsc1256389 Patch Instructions:...

CVE-2025-71147

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix a memory leak in tpm2loadcmd 'tpm2loadcmd' allocates a tempoary blob indirectly via 'tpm2keydecode' but it is not freed in the failure paths. Address this by wrapping the blob into with a cleanup helper...

CVE-2025-71147

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix a memory leak in tpm2loadcmd 'tpm2loadcmd' allocates a tempoary blob indirectly via 'tpm2keydecode' but it is not freed in the failure paths. Address this by wrapping the blob into with a cleanup helper...

Azure Linux 3.0 Security Update: kernel (CVE-2024-36967)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-36967 advisory. - In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak in...

MiracleLinux 8 : tpm2-tools-4.1.1-5.el8 (AXSA:2021-2806:03)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-2806:03 advisory. tpm2-tools: fixed AES wrapping key in tpm2import CVE-2021-3565 Tenable has extracted the preceding description block directly from the MiracleLinux security...

MiracleLinux 9 : tpm2-tss-3.2.2-2.el9 (AXSA:2023-6873:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6873:02 advisory. tpm2-tss: Buffer Overlow in TSS2RCDecode CVE-2023-22745 Tenable has extracted the preceding description block directly from the MiracleLinux security advisor...

MiracleLinux 8 : tpm2-tss-2.3.2-5.el8 (AXSA:2023-7284:03)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-7284:03 advisory. tpm2-tss: Buffer Overlow in TSS2RCDecode CVE-2023-22745 Tenable has extracted the preceding description block directly from the MiracleLinux security advisor...

MiracleLinux 9 : tpm2-tools-5.2-4.el9 (AXSA:2024-9175:01)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-9175:01 advisory. tpm2-tools: arbitrary quote data may go undetected by tpm2checkquote CVE-2024-29038 tpm2-tools: pcr selection value is not compared with the attest...

SUSE CVE-2025-68792

In the Linux kernel, the following vulnerability has been resolved: tpm2-sessions: Fix out of range indexing in namesize 'namesize' does not have any range checks, and it just directly indexes with TPMALGID, which could lead into memory corruption at worst. Address the issue by only processing...