Linux Kernel TPM Operations Race Condition Vulnerability

Vulnerability

A vulnerability in the Linux kernel's TPM (Trusted Platform Module) handling has been identified, specifically within the TPM 2.0 operations. The issue arises from a race condition related to the management of TPM spaces, which can lead to a null pointer dereference. This vulnerability was introduced during a series of changes aimed at removing nested TPM operations, where the proper synchronization was overlooked in certain functions. Although the flaw is typically brief and occurs only under specific circumstances, there have been reports of it being exploited in practice.

Impact

Exploitation of this vulnerability can cause a null pointer dereference, leading to a crash of the affected system or application.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.5

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.5

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel TPM Operations Race Condition Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating