{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-49851", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-10-21T12:17:06.015Z", "datePublished": "2024-10-21T12:18:44.742Z", "dateUpdated": "2024-11-08T15:56:47.277Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-08T15:56:47.277Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: Clean up TPM space after command failure\n\ntpm_dev_transmit prepares the TPM space before attempting command\ntransmission. However if the command fails no rollback of this\npreparation is done. This can result in transient handles being leaked\nif the device is subsequently closed with no further commands performed.\n\nFix this by flushing the space in the event of command transmission\nfailure."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/char/tpm/tpm-dev-common.c", "drivers/char/tpm/tpm2-space.c"], "versions": [{"version": "745b361e989a", "lessThan": "87e8134c1897", "status": "affected", "versionType": "git"}, {"version": "745b361e989a", "lessThan": "2c9b228938e9", "status": "affected", "versionType": "git"}, {"version": "745b361e989a", "lessThan": "ebc4e1f4492d", "status": "affected", "versionType": "git"}, {"version": "745b361e989a", "lessThan": "c84ceb546f30", "status": "affected", "versionType": "git"}, {"version": "745b361e989a", "lessThan": "82478cb8a23b", "status": "affected", "versionType": "git"}, {"version": "745b361e989a", "lessThan": "adf4ce162561", "status": "affected", "versionType": "git"}, {"version": "745b361e989a", "lessThan": "3f9f72d843c9", "status": "affected", "versionType": "git"}, {"version": "745b361e989a", "lessThan": "e3aaebcbb7c6", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/char/tpm/tpm-dev-common.c", "drivers/char/tpm/tpm2-space.c"], "versions": [{"version": "4.12", "status": "affected"}, {"version": "0", "lessThan": "4.12", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.285", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.227", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.168", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.113", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.54", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.13", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11.2", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/87e8134c18977b566f4ec248c8a147244da69402"}, {"url": "https://git.kernel.org/stable/c/2c9b228938e9266a1065a3f4fe5c99b7235dc439"}, {"url": "https://git.kernel.org/stable/c/ebc4e1f4492d114f9693950621b3ea42b2f82bec"}, {"url": "https://git.kernel.org/stable/c/c84ceb546f30432fccea4891163f7050f5bee5dd"}, {"url": "https://git.kernel.org/stable/c/82478cb8a23bd4f97935bbe60d64528c6d9918b4"}, {"url": "https://git.kernel.org/stable/c/adf4ce162561222338cf2c9a2caa294527f7f721"}, {"url": "https://git.kernel.org/stable/c/3f9f72d843c92fb6f4ff7460d774413cde7f254c"}, {"url": "https://git.kernel.org/stable/c/e3aaebcbb7c6b403416f442d1de70d437ce313a7"}], "title": "tpm: Clean up TPM space after command failure", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-49851", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-21T12:56:54.610460Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-21T13:04:11.872Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-49851", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-21T12:56:54.610460Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-21T12:56:57.776Z"}}], "cna": {"title": "tpm: Clean up TPM space after command failure", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "745b361e989a", "lessThan": "87e8134c1897", "versionType": "git"}, {"status": "affected", "version": "745b361e989a", "lessThan": "2c9b228938e9", "versionType": "git"}, {"status": "affected", "version": "745b361e989a", "lessThan": "ebc4e1f4492d", "versionType": "git"}, {"status": "affected", "version": "745b361e989a", "lessThan": "c84ceb546f30", "versionType": "git"}, {"status": "affected", "version": "745b361e989a", "lessThan": "82478cb8a23b", "versionType": "git"}, {"status": "affected", "version": "745b361e989a", "lessThan": "adf4ce162561", "versionType": "git"}, {"status": "affected", "version": "745b361e989a", "lessThan": "3f9f72d843c9", "versionType": "git"}, {"status": "affected", "version": "745b361e989a", "lessThan": "e3aaebcbb7c6", "versionType": "git"}], "programFiles": ["drivers/char/tpm/tpm-dev-common.c", "drivers/char/tpm/tpm2-space.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.12"}, {"status": "unaffected", "version": "0", "lessThan": "4.12", "versionType": "semver"}, {"status": "unaffected", "version": "5.4.285", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.227", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.168", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.113", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.54", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.10.13", "versionType": "semver", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11.2", "versionType": "semver", "lessThanOrEqual": "6.11.*"}, {"status": "unaffected", "version": "6.12-rc1", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/char/tpm/tpm-dev-common.c", "drivers/char/tpm/tpm2-space.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/87e8134c18977b566f4ec248c8a147244da69402"}, {"url": "https://git.kernel.org/stable/c/2c9b228938e9266a1065a3f4fe5c99b7235dc439"}, {"url": "https://git.kernel.org/stable/c/ebc4e1f4492d114f9693950621b3ea42b2f82bec"}, {"url": "https://git.kernel.org/stable/c/c84ceb546f30432fccea4891163f7050f5bee5dd"}, {"url": "https://git.kernel.org/stable/c/82478cb8a23bd4f97935bbe60d64528c6d9918b4"}, {"url": "https://git.kernel.org/stable/c/adf4ce162561222338cf2c9a2caa294527f7f721"}, {"url": "https://git.kernel.org/stable/c/3f9f72d843c92fb6f4ff7460d774413cde7f254c"}, {"url": "https://git.kernel.org/stable/c/e3aaebcbb7c6b403416f442d1de70d437ce313a7"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: Clean up TPM space after command failure\n\ntpm_dev_transmit prepares the TPM space before attempting command\ntransmission. However if the command fails no rollback of this\npreparation is done. This can result in transient handles being leaked\nif the device is subsequently closed with no further commands performed.\n\nFix this by flushing the space in the event of command transmission\nfailure."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-08T15:56:47.277Z"}}}, "cveMetadata": {"cveId": "CVE-2024-49851", "state": "PUBLISHED", "dateUpdated": "2024-11-08T15:56:47.277Z", "dateReserved": "2024-10-21T12:17:06.015Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-10-21T12:18:44.742Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E629794-ADD6-44B5-8F8E-B768F34539E0", "versionEndExcluding": "5.10.227", "versionStartIncluding": "4.12", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D51C05D-455B-4D8D-89E7-A58E140B864C", "versionEndExcluding": "5.15.168", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE", "versionEndExcluding": "6.1.113", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D448821D-C085-4CAF-88FA-2DDE7BE21976", "versionEndExcluding": "6.6.54", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE94BB8D-B0AB-4563-9ED7-A12122B56EBE", "versionEndExcluding": "6.10.13", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB755D26-97F4-43B6-8604-CD076811E181", "versionEndExcluding": "6.11.2", "versionStartIncluding": "6.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: Clean up TPM space after command failure\n\ntpm_dev_transmit prepares the TPM space before attempting command\ntransmission. However if the command fails no rollback of this\npreparation is done. This can result in transient handles being leaked\nif the device is subsequently closed with no further commands performed.\n\nFix this by flushing the space in the event of command transmission\nfailure."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tpm: Limpiar el espacio TPM despu\u00e9s de un error de comando tpm_dev_transmit prepara el espacio TPM antes de intentar la transmisi\u00f3n del comando. Sin embargo, si el comando falla, no se realiza ninguna reversi\u00f3n de esta preparaci\u00f3n. Esto puede provocar que se filtren los identificadores transitorios si el dispositivo se cierra posteriormente sin que se realicen m\u00e1s comandos. Solucione esto vaciando el espacio en caso de que falle la transmisi\u00f3n del comando."}], "id": "CVE-2024-49851", "lastModified": "2024-11-08T16:15:28.700", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-10-21T13:15:05.883", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2c9b228938e9266a1065a3f4fe5c99b7235dc439"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3f9f72d843c92fb6f4ff7460d774413cde7f254c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/82478cb8a23bd4f97935bbe60d64528c6d9918b4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/87e8134c18977b566f4ec248c8a147244da69402"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/adf4ce162561222338cf2c9a2caa294527f7f721"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c84ceb546f30432fccea4891163f7050f5bee5dd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e3aaebcbb7c6b403416f442d1de70d437ce313a7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ebc4e1f4492d114f9693950621b3ea42b2f82bec"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-459"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: tpm: Clean up TPM space after command failure", "id": "2320246", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320246"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\ntpm: Clean up TPM space after command failure\ntpm_dev_transmit prepares the TPM space before attempting command\ntransmission. However if the command fails no rollback of this\npreparation is done. This can result in transient handles being leaked\nif the device is subsequently closed with no further commands performed.\nFix this by flushing the space in the event of command transmission\nfailure."], "name": "CVE-2024-49851", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-10-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-49851\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-49851\nhttps://lore.kernel.org/linux-cve-announce/2024102152-CVE-2024-49851-edd9@gregkh/T"], "threat_severity": "Moderate"}