Linux Kernel ACPI Memory Leak Vulnerability in TPM Event Log Handling

A memory leak vulnerability has been identified in the Linux kernel's handling of the ACPI event log for TPM (Trusted Platform Module) 2.0. The issue arises because the function 'acpi_get_table()' is used to retrieve ACPI information without a corresponding call to 'acpi_put_table()' to release the allocated memory. This oversight creates a memory leak. The vulnerability affects the event log processing for TPM2 or TCPA tables, where the log area start and length are obtained from the ACPI tables. The vulnerability has been addressed by adding the necessary 'acpi_put_table()' calls to properly release the memory, thereby fixing the leak.

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated memory is not properly released, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by loading a Linux kernel version prior to the patch that addresses this issue, and then accessing the TPM event log via the ACPI interface. The missing 'acpi_put_table()' calls will result in a memory leak, as the ACPI memory is not released after it is no longer needed.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for upgrading the Linux kernel can be found in the official Linux documentation or through the package management system of the respective Linux distribution.