CVE-2024-49851

MEDIUM

Linux kernel - Info Disclosure

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: tpm: Clean up TPM space after command failure tpm_dev_transmit prepares the TPM space before attempting command transmission. However if the command fails no rollback of this preparation is done. This can result in transient handles being leaked if the device is subsequently closed with no further commands performed. Fix this by flushing the space in the event of command transmission failure.

References (10)

[Mailing List] https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

[Mailing List] https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

[Patch] https://git.kernel.org/stable/c/87e8134c18977b566f4ec248c8a147244da69402

[Patch] https://git.kernel.org/stable/c/2c9b228938e9266a1065a3f4fe5c99b7235dc439

[Patch] https://git.kernel.org/stable/c/3f9f72d843c92fb6f4ff7460d774413cde7f254c

[Patch] https://git.kernel.org/stable/c/82478cb8a23bd4f97935bbe60d64528c6d9918b4

[Patch] https://git.kernel.org/stable/c/adf4ce162561222338cf2c9a2caa294527f7f721

[Patch] https://git.kernel.org/stable/c/c84ceb546f30432fccea4891163f7050f5bee5dd

[Patch] https://git.kernel.org/stable/c/e3aaebcbb7c6b403416f442d1de70d437ce313a7

[Patch] https://git.kernel.org/stable/c/ebc4e1f4492d114f9693950621b3ea42b2f82bec

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 2.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-459

Status published

Products (8)

linux/Kernel 4.12.0 - 5.4.285linux

linux/Kernel 5.11.0 - 5.15.168linux

linux/Kernel 5.16.0 - 6.1.113linux

linux/Kernel 5.5.0 - 5.10.227linux

linux/Kernel 6.11.0 - 6.11.2linux

linux/Kernel 6.2.0 - 6.6.54linux

linux/Kernel 6.7.0 - 6.10.13linux

linux/linux_kernel 4.12 - 5.10.227

Published Oct 21, 2024

Tracked Since Feb 18, 2026