CVE-2026-45941 - Vulnerability Details

- tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount() failure

Description

In the Linux kernel, the following vulnerability has been resolved:

tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount() failure

get_burstcount() can return -EBUSY on timeout. When this happens, the
function returns directly without releasing the locality that was
acquired at the beginning of tpm_tis_i2c_send().

Use goto out_err to ensure proper cleanup when get_burstcount() fails.

Published: 2026-05-27

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The Linux kernel tpm_i2c_infineon driver contains a locality leak: if get_burstcount() returns -EBUSY on timeout, the driver exits without releasing the TPM context acquired during tpm_tis_i2c_send(). This failure to release the TPM context can leave the device in a locked state, preventing subsequent TPM operations and potentially disrupting any system service that relies on the TPM. The weakness manifests as a resource leak (CWE‑772), which may lead to service interruption for local users with TPM access.

Affected Systems

The vulnerability affects the Linux kernel's tpm_i2c_infineon driver. No specific kernel releases are listed in the advisory, so any kernel version that includes the legacy Infineon TPM driver before the fix may be impacted. The CPE identifier associates the issue with the generic Linux kernel product.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, while the EPSS score of < 1% indicates a very low exploitation probability. The vulnerability is not in the CISA KEV catalog, implying no known widespread exploitation. If a local or privileged attacker can trigger TPM operations, it could cause a denial‑of‑service condition by repeatedly invoking a get_burstcount() timeout scenario; this is inferred from the described behavior. The patch resolves the issue by adding a cleanup path to release the locality on failure, eliminating the resource leak.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`aad628c1d91a6db57e572e4c1f35e863d81061d7`	affected	< 8f124c5582d443ac9fb690db26d08cab5d6ba76e
`aad628c1d91a6db57e572e4c1f35e863d81061d7`	affected	< c24c9c4cab11858f22f309521ba7ea5b1e7385f2
`aad628c1d91a6db57e572e4c1f35e863d81061d7`	affected	< 1bb8f8826d0748b4b92a98fb6b6dfe52081739f5
`aad628c1d91a6db57e572e4c1f35e863d81061d7`	affected	< 948966e546f29af04391d98b8e378e4a7670c1c1
`aad628c1d91a6db57e572e4c1f35e863d81061d7`	affected	< a61b8412e3eb8b71646dba867e8252d8560a1a27
`aad628c1d91a6db57e572e4c1f35e863d81061d7`	affected	< 1a22048c1117cdfac185ba450aba67ed6b65dc87
`aad628c1d91a6db57e572e4c1f35e863d81061d7`	affected	< 2f7a665e1323359d99c74301d1e180f5e2c40181
`aad628c1d91a6db57e572e4c1f35e863d81061d7`	affected	< bbd6e97c836cbeb9606d7b7e5dcf8a1d89525713

Linux

affected

Version	Status	Constraints
`3.7`	affected	—
`0`	unaffected	< 3.7
`5.10.252`	unaffected	≤ 5.10.*
`5.15.202`	unaffected	≤ 5.15.*
`6.1.165`	unaffected	≤ 6.1.*
`6.6.128`	unaffected	≤ 6.6.*
`6.12.75`	unaffected	≤ 6.12.*
`6.18.14`	unaffected	≤ 6.18.*
`6.19.4`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[aad628c1d91a6db57e572e4c1f35e863d81061d7,8f124c5582d443ac9fb690db26d08cab5d6ba76e)`	affected	code_commit	—
`[aad628c1d91a6db57e572e4c1f35e863d81061d7,c24c9c4cab11858f22f309521ba7ea5b1e7385f2)`	affected	code_commit	—
`[aad628c1d91a6db57e572e4c1f35e863d81061d7,1bb8f8826d0748b4b92a98fb6b6dfe52081739f5)`	affected	code_commit	—
`[aad628c1d91a6db57e572e4c1f35e863d81061d7,948966e546f29af04391d98b8e378e4a7670c1c1)`	affected	code_commit	—
`[aad628c1d91a6db57e572e4c1f35e863d81061d7,a61b8412e3eb8b71646dba867e8252d8560a1a27)`	affected	code_commit	—
`[aad628c1d91a6db57e572e4c1f35e863d81061d7,1a22048c1117cdfac185ba450aba67ed6b65dc87)`	affected	code_commit	—
`[aad628c1d91a6db57e572e4c1f35e863d81061d7,2f7a665e1323359d99c74301d1e180f5e2c40181)`	affected	code_commit	—
`[aad628c1d91a6db57e572e4c1f35e863d81061d7,bbd6e97c836cbeb9606d7b7e5dcf8a1d89525713)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`3.7`	affected	generic	—
`[0,3.7)`	unaffected	generic	—
`[5.10.252,5.11.0)`	unaffected	semver	—
`[5.15.202,5.16.0)`	unaffected	semver	—
`[6.1.165,6.2.0)`	unaffected	semver	—
`[6.6.128,6.7.0)`	unaffected	semver	—
`[6.12.75,6.13.0)`	unaffected	semver	—
`[6.18.14,6.19.0)`	unaffected	semver	—
`[6.19.4,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest kernel patch that implements the get_burstcount cleanup in tpm_i2c_infineon driver.
If the patch cannot yet be applied, consider disabling or removing the Infineon TPM driver to prevent stuck locality states.
Monitor TPM activity for unexpected timeouts and reset the locality context manually when a stuck state is detected.

Generated by OpenCVE AI on May 28, 2026 at 17:15 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4606-1	linux security update

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00176.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/1a22048c1117cdfac185ba450aba67ed6b65dc87
https://git.kernel.org/stable/c/1bb8f8826d0748b4b92a98fb6b6dfe52081739f5
https://git.kernel.org/stable/c/2f7a665e1323359d99c74301d1e180f5e2c40181
https://git.kernel.org/stable/c/8f124c5582d443ac9fb690db26d08cab5d6ba76e
https://git.kernel.org/stable/c/948966e546f29af04391d98b8e378e4a7670c1c1
https://git.kernel.org/stable/c/a61b8412e3eb8b71646dba867e8252d8560a1a27
https://git.kernel.org/stable/c/bbd6e97c836cbeb9606d7b7e5dcf8a1d89525713
https://git.kernel.org/stable/c/c24c9c4cab11858f22f309521ba7ea5b1e7385f2
https://lore.kernel.org/linux-cve-announce/2026052729-CVE-2026-45941-2ecb@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-45941
https://www.cve.org/CVERecord?id=CVE-2026-45941

History

Thu, 28 May 2026 15:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-400

Thu, 28 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-772
References		https://lore.kernel.org/linux-cve-announce/2026052729-CVE-2026-45941-2ecb@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-45941 https://www.cve.org/CVERecord?id=CVE-2026-45941
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Wed, 27 May 2026 16:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-400

Wed, 27 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount() failure get_burstcount() can return -EBUSY on timeout. When this happens, the function returns directly without releasing the locality that was acquired at the beginning of tpm_tis_i2c_send(). Use goto out_err to ensure proper cleanup when get_burstcount() fails.
Title		tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount() failure
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/1a22048c1117cdfac185ba450aba67ed6b65dc87 https://git.kernel.org/stable/c/1bb8f8826d0748b4b92a98fb6b6dfe52081739f5 https://git.kernel.org/stable/c/2f7a665e1323359d99c74301d1e180f5e2c40181 https://git.kernel.org/stable/c/8f124c5582d443ac9fb690db26d08cab5d6ba76e https://git.kernel.org/stable/c/948966e546f29af04391d98b8e378e4a7670c1c1 https://git.kernel.org/stable/c/a61b8412e3eb8b71646dba867e8252d8560a1a27 https://git.kernel.org/stable/c/bbd6e97c836cbeb9606d7b7e5dcf8a1d89525713 https://git.kernel.org/stable/c/c24c9c4cab11858f22f309521ba7ea5b1e7385f2

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-27T12:17:57.155Z

Updated: 2026-05-27T12:17:57.155Z

Reserved: 2026-05-13T15:03:33.087Z

Link: CVE-2026-45941

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:10.300

Modified: 2026-05-27T14:48:03.013

Link: CVE-2026-45941

Redhat

Severity : Low

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-45941 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-28T17:15:21Z

Weaknesses

CWE-772
Missing Release of Resource after Effective Lifetime

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object