SB20250226283 - Use-after-free in Linux kernel char tpm driver
Published: February 26, 2025 Updated: May 11, 2025
Security Bulletin ID
SB20250226283
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2022-49287)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dev_err() function in drivers/char/tpm/tpm2-space.c, within the tpm_dev_release(), tpm_chip_alloc(), tpm_add_char_device() and tpm_chip_unregister() functions in drivers/char/tpm/tpm-chip.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/290e05f346d1829e849662c97e42d5ad984f5258
- https://git.kernel.org/stable/c/2f928c0d5c02dbab49e8c19d98725c822f6fc409
- https://git.kernel.org/stable/c/473a66f99cb8173c14138c5a5c69bfad04e8f9ac
- https://git.kernel.org/stable/c/662893b4f6bd466ff9e1cd454c44c26d32d554fe
- https://git.kernel.org/stable/c/6e7baf84149fb43950631415de231b3a41915aa3
- https://git.kernel.org/stable/c/7e0438f83dc769465ee663bb5dcf8cc154940712
- https://git.kernel.org/stable/c/a27ed2f3695baf15f9b34d2d7a1f9fc105539a81
- https://git.kernel.org/stable/c/cb64bd038beacb4331fe464a36c8b5481e8f51e2
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.238