Impact
The vulnerability arises when the IMA module creates securityfs files for hash algorithms that are not supported by the TPM. The crypto_id is initialized to an out‑of‑range value when the TPM advertises an unsupported algorithm, and subsequent code accesses hash_algo_name[] using this invalid index, resulting in a global out‑of‑bounds read. This can trigger a KASAN fault during boot, causing a kernel crash and a denial of service.
Affected Systems
Linux kernel implementations that have not incorporated the IMA securityfs patch. In particular, any kernel version prior to the fix merged into the 6.12 series—including 6.12.40 and earlier—can exhibit the out‑of‑bounds read if an unsupported TPM hash algorithm is present. Systems running unpatched 6.12 kernels or earlier versions will be affected.
Risk and Exploitability
The CVSS score of 5.5 indicates moderate severity, with an EPSS of <1% implying that unlikely at present. The vulnerability does not provide remote code execution or privilege escalation; its impact is a local kernel crash via an out‑of‑bounds read during IMA securityfs initialization. Exploitation requires local or privileged access to the TPM interface cause the kernel to enumerate an unsupported hash algorithm, which is not easy to manipulate without intimate knowledge of the TPM configuration. The failure results in a kernel panic and service interruption, potentially forcing system reboot for critical services. The vulnerability is not listed in the CISA KEV catalog, further suggesting it is not actively exploited in the wild.
OpenCVE Enrichment