Description

In the Linux kernel, the following vulnerability has been resolved: tpm: efi: Use local variable for calculating final log size When tpm_read_log_efi is called multiple times, which happens when one loads and unloads a TPM2 driver multiple times, then the global variable efi_tpm_final_log_size will at some point become a negative number due to the subtraction of final_events_preboot_size occurring each time. Use a local variable to avoid this integer underflow. The following issue is now resolved: Mar 8 15:35:12 hibinst kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 Mar 8 15:35:12 hibinst kernel: Workqueue: tpm-vtpm vtpm_proxy_work [tpm_vtpm_proxy] Mar 8 15:35:12 hibinst kernel: RIP: 0010:__memcpy+0x12/0x20 Mar 8 15:35:12 hibinst kernel: Code: 00 b8 01 00 00 00 85 d2 74 0a c7 05 44 7b ef 00 0f 00 00 00 c3 cc cc cc 66 66 90 66 90 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 f3 a4 Mar 8 15:35:12 hibinst kernel: RSP: 0018:ffff9ac4c0fcfde0 EFLAGS: 00010206 Mar 8 15:35:12 hibinst kernel: RAX: ffff88f878cefed5 RBX: ffff88f878ce9000 RCX: 1ffffffffffffe0f Mar 8 15:35:12 hibinst kernel: RDX: 0000000000000003 RSI: ffff9ac4c003bff9 RDI: ffff88f878cf0e4d Mar 8 15:35:12 hibinst kernel: RBP: ffff9ac4c003b000 R08: 0000000000001000 R09: 000000007e9d6073 Mar 8 15:35:12 hibinst kernel: R10: ffff9ac4c003b000 R11: ffff88f879ad3500 R12: 0000000000000ed5 Mar 8 15:35:12 hibinst kernel: R13: ffff88f878ce9760 R14: 0000000000000002 R15: ffff88f77de7f018 Mar 8 15:35:12 hibinst kernel: FS: 0000000000000000(0000) GS:ffff88f87bd00000(0000) knlGS:0000000000000000 Mar 8 15:35:12 hibinst kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 Mar 8 15:35:12 hibinst kernel: CR2: ffff9ac4c003c000 CR3: 00000001785a6004 CR4: 0000000000060ee0 Mar 8 15:35:12 hibinst kernel: Call Trace: Mar 8 15:35:12 hibinst kernel: tpm_read_log_efi+0x152/0x1a7 Mar 8 15:35:12 hibinst kernel: tpm_bios_log_setup+0xc8/0x1c0 Mar 8 15:35:12 hibinst kernel: tpm_chip_register+0x8f/0x260 Mar 8 15:35:12 hibinst kernel: vtpm_proxy_work+0x16/0x60 [tpm_vtpm_proxy] Mar 8 15:35:12 hibinst kernel: process_one_work+0x1b4/0x370 Mar 8 15:35:12 hibinst kernel: worker_thread+0x53/0x3e0 Mar 8 15:35:12 hibinst kernel: ? process_one_work+0x370/0x370

Metrics

 

CVSS Version 4.0 CVSS Version 3.x CVSS Version 2.0

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score:  5.5 MEDIUM

Vector:  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0 Severity and Vector Strings:

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink	Resource
https://git.kernel.org/stable/c/2f12258b5224cfaa808c54fd29345f3c1cbfca76	Patch
https://git.kernel.org/stable/c/3818b753277f5ca0c170bf5b98e0a5a225542fcb	Patch
https://git.kernel.org/stable/c/48cff270b037022e37835d93361646205ca25101	Patch
https://git.kernel.org/stable/c/60a01ecc9f68067e4314a0b55148e39e5d58a51b	Patch
https://git.kernel.org/stable/c/ac07c557ca12ec9276c0375517bac7ae5be4e50c	Patch

Weakness Enumeration

CWE-ID	CWE Name	Source
CWE-191	Integer Underflow (Wrap or Wraparound)	NIST

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

4 change records found show changes

CVE Modified by kernel.org 5/28/2024 4:15:28 PM

Action	Type	Old Value	New Value

CVE Modified by kernel.org 5/14/2024 5:45:57 AM

Action	Type	Old Value	New Value

Initial Analysis by NIST 4/10/2024 4:15:55 PM

Action	Type	Old Value	New Value
Added	CPE Configuration		OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.3.0 up to (excluding) 5.4.118 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5.0 up to (excluding) 5.10.36 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11.0 up to (excluding) 5.11.20 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.12.0 up to (excluding) 5.12.3
Added	CVSS V3.1		NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Added	CWE		NIST CWE-191
Changed	Reference Type	https://git.kernel.org/stable/c/2f12258b5224cfaa808c54fd29345f3c1cbfca76 No Types Assigned	https://git.kernel.org/stable/c/2f12258b5224cfaa808c54fd29345f3c1cbfca76 Patch
Changed	Reference Type	https://git.kernel.org/stable/c/3818b753277f5ca0c170bf5b98e0a5a225542fcb No Types Assigned	https://git.kernel.org/stable/c/3818b753277f5ca0c170bf5b98e0a5a225542fcb Patch
Changed	Reference Type	https://git.kernel.org/stable/c/48cff270b037022e37835d93361646205ca25101 No Types Assigned	https://git.kernel.org/stable/c/48cff270b037022e37835d93361646205ca25101 Patch
Changed	Reference Type	https://git.kernel.org/stable/c/60a01ecc9f68067e4314a0b55148e39e5d58a51b No Types Assigned	https://git.kernel.org/stable/c/60a01ecc9f68067e4314a0b55148e39e5d58a51b Patch
Changed	Reference Type	https://git.kernel.org/stable/c/ac07c557ca12ec9276c0375517bac7ae5be4e50c No Types Assigned	https://git.kernel.org/stable/c/ac07c557ca12ec9276c0375517bac7ae5be4e50c Patch

New CVE Received by NIST 2/27/2024 2:04:06 PM

Action	Type	Old Value	New Value
Added	Description		Record truncated, showing 500 of 2329 characters. View Entire Change Record In the Linux kernel, the following vulnerability has been resolved: tpm: efi: Use local variable for calculating final log size When tpm_read_log_efi is called multiple times, which happens when one loads and unloads a TPM2 driver multiple times, then the global variable efi_tpm_final_log_size will at some point become a negative number due to the subtraction of final_events_preboot_size occurring each time. Use a local variable to avoid this integer underflow. The following issue is now reso
Added	Reference		Linux https://git.kernel.org/stable/c/2f12258b5224cfaa808c54fd29345f3c1cbfca76 [No types assigned]
Added	Reference		Linux https://git.kernel.org/stable/c/3818b753277f5ca0c170bf5b98e0a5a225542fcb [No types assigned]
Added	Reference		Linux https://git.kernel.org/stable/c/48cff270b037022e37835d93361646205ca25101 [No types assigned]
Added	Reference		Linux https://git.kernel.org/stable/c/60a01ecc9f68067e4314a0b55148e39e5d58a51b [No types assigned]
Added	Reference		Linux https://git.kernel.org/stable/c/ac07c557ca12ec9276c0375517bac7ae5be4e50c [No types assigned]