Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A memory leak vulnerability has been identified in the Linux kernel's TPM 2.0 CRB interface. The issue arises in the 'crb_acpi_add()' function, where the TPM2 ACPI table is retrieved and assigned to private data. However, this table is not freed after initialization, leading to a memory leak. The vulnerability has been addressed by adding a call to 'acpi_put_table()' to properly release the table and prevent the memory leak.
The impact is a memory leak: allocated memory is not properly released, which can increase memory usage and degrade system performance over time.
The vulnerability can be reproduced by loading a TPM 2.0 CRB device via ACPI without the necessary cleanup of the associated ACPI table. This can be done by initializing a TPM2 table and assigning it to private data without releasing it afterwards, which will result in a memory leak.
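The get-without-put pattern described above can be modelled in user space. The following is an added example, not the kernel's code or the upstream patch. `mock_get_table()`, `mock_put_table()`, `probe_leaky()`, `probe_fixed()` and the sample field values are hypothetical stand-ins for the ACPI table lookup in `crb_acpi_add()` and its release with `acpi_put_table()`.

```c
#include <stdio.h>

/* User-space model (assumption): a counter stands in for the ACPI table mapping. */
struct mock_table { unsigned start_method; int refs; };
static struct mock_table tpm2 = { 7, 0 };          /* constructed sample values */
struct priv { unsigned sm; };

static struct mock_table *mock_get_table(void) { tpm2.refs++; return &tpm2; }
static void mock_put_table(struct mock_table *t) { if (t->refs > 0) t->refs--; }
static int outstanding_refs(void) { return tpm2.refs; }

/* Before: fields are copied into priv, the table reference is never dropped. */
static int probe_leaky(struct priv *p, int fail_late)
{
    struct mock_table *t = mock_get_table();
    p->sm = t->start_method;
    if (fail_late)
        return -1;                                 /* error path leaks as well */
    return 0;
}

/* After: a single exit point releases the table on success and on failure. */
static int probe_fixed(struct priv *p, int fail_late)
{
    struct mock_table *t = mock_get_table();
    int rc = 0;
    p->sm = t->start_method;
    if (fail_late) {
        rc = -1;
        goto out;
    }
out:
    mock_put_table(t);                             /* priv keeps its own copies */
    return rc;
}

int main(void)
{
    struct priv p;
    for (int i = 0; i < 3; i++) probe_leaky(&p, i == 1);
    printf("leaky: %d references outstanding\n", outstanding_refs());
    tpm2.refs = 0;
    for (int i = 0; i < 3; i++) probe_fixed(&p, i == 1);
    printf("fixed: %d references outstanding\n", outstanding_refs());
    return 0;
}
```

Each leaky probe leaves one reference outstanding whether it succeeds or fails, while the fixed form returns to zero because the values it needs were already copied into the private data.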
Users can upgrade to the patched version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the latest stable kernel can be found on the official Linux kernel website.