Use-after-free in Linux kernel char tpm driver

1) Use-after-free

EUVDB-ID: #VU104466

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49287

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dev_err() function in drivers/char/tpm/tpm2-space.c, within the tpm_dev_release(), tpm_chip_alloc(), tpm_add_char_device() and tpm_chip_unregister() functions in drivers/char/tpm/tpm-chip.c. A local user can escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

CPE2.3

• cpe:2.3:o:linux_foundation:linux_kernel:*:*:*:*:*:*:*:*

External links

https://git.kernel.org/stable/c/290e05f346d1829e849662c97e42d5ad984f5258
https://git.kernel.org/stable/c/2f928c0d5c02dbab49e8c19d98725c822f6fc409
https://git.kernel.org/stable/c/473a66f99cb8173c14138c5a5c69bfad04e8f9ac
https://git.kernel.org/stable/c/662893b4f6bd466ff9e1cd454c44c26d32d554fe
https://git.kernel.org/stable/c/6e7baf84149fb43950631415de231b3a41915aa3
https://git.kernel.org/stable/c/7e0438f83dc769465ee663bb5dcf8cc154940712
https://git.kernel.org/stable/c/a27ed2f3695baf15f9b34d2d7a1f9fc105539a81
https://git.kernel.org/stable/c/cb64bd038beacb4331fe464a36c8b5481e8f51e2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.