Linux Kernel TPM Buffer Overflow Vulnerability in Event Log Handling

Vulnerability

A vulnerability in the Linux kernel's handling of TPM (Trusted Platform Module) event logs has been identified, specifically within the ACPI (Advanced Configuration and Power Interface) subsystem. This issue arises from improper memory allocation, which can lead to a buffer overflow. The vulnerability was reported on an HPE ProLiant DL320 Gen12 server, running openSUSE Tumbleweed. The problem stems from ACPI directing a 16 MiB buffer for log events, exceeding safe allocation limits. The vulnerability has been addressed by modifying the memory management approach, shifting from a standard allocation function to a more controlled one, thereby preventing potential overflow.

Impact

Exploitation of this vulnerability can lead to a buffer overflow, which may be exploited to execute arbitrary code or cause a denial-of-service condition by crashing the system.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel TPM Buffer Overflow Vulnerability in Event Log Handling

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating