Description
In the Linux kernel, the following vulnerability has been resolved:

tpm: st33zp24: Fix missing cleanup on get_burstcount() error

get_burstcount() can return -EBUSY on timeout. When this happens,
st33zp24_send() returns directly without releasing the locality
acquired earlier.

Use goto out_err to ensure proper cleanup when get_burstcount() fails.
Published: 2026-05-27
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel TPM st33zp24 driver, the get_burstcount function can return a busy error on timeout. When this occurs, the driver fails to release the locality that was previously acquired, leaving it locked. This incomplete cleanup stalls subsequent TPM requests, potentially disabling authentication, secure boot, or any application that relies on TPM services. The weakness is a lack of proper error handling and cleanup, which can lead to a denial of service for the affected host.

Affected Systems

The bug is present in all Linux kernel releases that ship the st33zp24 TPM driver before the patch referenced in commit 1256c6dc. It affects any distribution that includes this driver in its kernel image, regardless of version, as the issue is not tied to a specific kernel release but to the presence of the faulty code path. System administrators should confirm whether their running kernel contains the st33zp24 driver and whether it predates the described fix.

Risk and Exploitability

The CVSS score is not provided, and the EPSS score is unavailable; the vulnerability is not listed in CISA's KEV catalog. The flaw requires a local error condition – a busy timeout in get_burstcount – making remote exploitation unlikely. An attacker with local privileges could trigger TPM command timeouts to lock the locality, leading to a denial of service that affects system authentication or cryptographic operations. The overall risk is moderate, with a typical attack vector being local privilege or service exploitation rather than remote network attacks.

Generated by OpenCVE AI on May 27, 2026 at 20:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes the st33zp24 driver fix, as referenced in the kernel commit logs.
  • Verify that the TPM locality is properly released after a get_burstcount error by performing TPM diagnostic tests or monitoring st33zp24 module state.
  • If an immediate kernel update is not possible, consider disabling or removing the st33zp24 driver to prevent the locality lock from impacting system operations.

Generated by OpenCVE AI on May 27, 2026 at 20:43 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: tpm: st33zp24: Fix missing cleanup on get_burstcount() error get_burstcount() can return -EBUSY on timeout. When this happens, st33zp24_send() returns directly without releasing the locality acquired earlier. Use goto out_err to ensure proper cleanup when get_burstcount() fails.
Title tpm: st33zp24: Fix missing cleanup on get_burstcount() error
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:15:51.317Z

Reserved: 2026-05-13T15:03:33.081Z

Link: CVE-2026-45871

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:00.543

Modified: 2026-05-27T14:48:31.480

Link: CVE-2026-45871

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T20:45:25Z

Weaknesses

No weakness.