CVE-2025-71147

MEDIUM

Linux Kernel 5.13-5.15.198, 5.16-6.1.160, 6.2-6.6.120, 6.7-6.12.64, 6.13-6.18.3 - Use-After-Free in TPM2 Key Loading

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix a memory leak in tpm2_load_cmd 'tpm2_load_cmd' allocates a tempoary blob indirectly via 'tpm2_key_decode' but it is not freed in the failure paths. Address this by wrapping the blob into with a cleanup helper.

References (6)

Core 6

Core References

Patch

https://git.kernel.org/stable/c/3fd7df4636d8fd5e3592371967a5941204368936

Patch

https://git.kernel.org/stable/c/af0689cafb127a8d1af78cc8b72585c9b2a19ecd

Patch

https://git.kernel.org/stable/c/19166de9737218b77122c41a5730ac87025e089f

Patch

https://git.kernel.org/stable/c/9b015f2918b95bdde2ca9cefa10ef02b138aae1e

Patch

https://git.kernel.org/stable/c/9e7c63c69f57b1db1a8a1542359a6167ff8fcef1

Patch

https://git.kernel.org/stable/c/62cd5d480b9762ce70d720a81fa5b373052ae05f

Scores

CVSS v3 5.5

EPSS 0.0011

EPSS Percentile 1.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-401

Status published

Products (20)

linux/Kernel 5.13.0 - 5.15.198linux

linux/Kernel 5.16.0 - 6.1.160linux

linux/Kernel 6.13.0 - 6.18.3linux

linux/Kernel 6.2.0 - 6.6.120linux

linux/Kernel 6.7.0 - 6.12.64linux

Linux/Linux < 5.13

Linux/Linux 5.13

Linux/Linux 5.15.198 - 5.15.*

Linux/Linux 6.1.160 - 6.1.*

Linux/Linux 6.12.64 - 6.12.*

... and 10 more

Published Jan 23, 2026

Tracked Since Feb 18, 2026