In the Linux kernel, the following vulnerability has been resolved:
tpm: Use auth only after NULL check in tpm_buf_check_hmac_response()
Dereference auth after NULL check in tpm_buf_check_hmac_response().
Otherwise, unless tpm2_sessions_init() was called, a call can cause NULL
dereference, when TCG_TPM2_HMAC is enabled.
[jarkko: adjusted the commit message.]
Metrics
Affected Vendors & Products
References
History
Wed, 11 Sep 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 06 Sep 2024 14:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Linux
Linux linux Kernel |
|
Weaknesses | CWE-476 | |
CPEs | cpe:2.3:o:linux:linux_kernel:6.10:-:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.10:rc6:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.10:rc7:*:*:*:*:*:* |
|
Vendors & Products |
Linux
Linux linux Kernel |
Fri, 09 Aug 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
Thu, 08 Aug 2024 09:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In the Linux kernel, the following vulnerability has been resolved: tpm: Use auth only after NULL check in tpm_buf_check_hmac_response() Dereference auth after NULL check in tpm_buf_check_hmac_response(). Otherwise, unless tpm2_sessions_init() was called, a call can cause NULL dereference, when TCG_TPM2_HMAC is enabled. [jarkko: adjusted the commit message.] | |
Title | tpm: Use auth only after NULL check in tpm_buf_check_hmac_response() | |
References |
|
MITRE
Status: PUBLISHED
Assigner: Linux
Published: 2024-08-08T08:49:15.078Z
Updated: 2024-09-15T17:52:17.966Z
Reserved: 2024-07-30T07:40:12.257Z
Link: CVE-2024-42255
Vulnrichment
Updated: 2024-09-11T12:42:24.051Z
NVD
Status : Analyzed
Published: 2024-08-08T09:15:08.470
Modified: 2024-09-06T13:41:30.843
Link: CVE-2024-42255
Redhat