Linux Kernel TPM PCR Bank Limit Vulnerability

Vulnerability

A vulnerability in the Linux kernel's TPM (Trusted Platform Module) handling has been addressed. The function 'tpm2_get_pcr_allocation()' did not impose an upper limit on the number of PCR (Platform Configuration Register) banks, so an out-of-bounds value supplied by external input could cause significant harm. This vulnerability affects several versions of the Linux kernel.
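
The missing check, shown as an added example that is not the kernel's code or part of the original advisory: a parser for a bank list in the TPM 2.0 TPML_PCR_SELECTION layout (a 32-bit count followed by per-bank entries) that rejects a count larger than its destination array. The cap MAX_PCR_BANKS = 8, the struct and function names, and the sample byte strings are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_PCR_BANKS 8 /* assumed cap for this example; not stated on the page */

struct pcr_bank { uint16_t alg_id; uint8_t select_size; };

/* Constructed sample responses (count, then alg/sizeofSelect/bitmap per bank). */
static const uint8_t ok_resp[] = { 0,0,0,2, 0x00,0x04,3,0xff,0xff,0xff, 0x00,0x0b,3,0xff,0xff,0xff };
static const uint8_t big_resp[] = { 0,0,1,0, 0x00,0x04,3,0xff,0xff,0xff }; /* claims 256 banks */
static const uint8_t cut_resp[] = { 0,0,0,2, 0x00,0x04,3,0xff,0xff,0xff }; /* 2 claimed, 1 present */

/* Returns the number of banks stored, or -1 if the response is malformed. */
int parse_pcr_banks(const uint8_t *buf, size_t len, struct pcr_bank *banks)
{
    size_t off = 4;
    uint32_t count, i;

    if (len < 4)
        return -1;
    count = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
            ((uint32_t)buf[2] << 8) | buf[3];
    /* The bound the advisory says was missing: reject a device-supplied
     * count larger than the array the results are written into. */
    if (count > MAX_PCR_BANKS)
        return -1;
    for (i = 0; i < count; i++) {
        if (len - off < 3) /* need alg (2 bytes) + sizeofSelect (1 byte) */
            return -1;
        banks[i].alg_id = (uint16_t)((buf[off] << 8) | buf[off + 1]);
        banks[i].select_size = buf[off + 2];
        off += 3;
        if (len - off < banks[i].select_size) /* bitmap must fit in the buffer */
            return -1;
        off += banks[i].select_size;
    }
    return (int)count;
}

int parse_sample(const uint8_t *buf, size_t len)
{
    struct pcr_bank banks[MAX_PCR_BANKS]; /* fixed-size destination */
    return parse_pcr_banks(buf, len, banks);
}

int main(void)
{
    printf("ok=%d big=%d cut=%d\n", parse_sample(ok_resp, sizeof ok_resp),
           parse_sample(big_resp, sizeof big_resp), parse_sample(cut_resp, sizeof cut_resp));
    return 0;
}
```

Without the `count > MAX_PCR_BANKS` test, the loop would write past the end of `banks` whenever the device reports more banks than the array holds.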

Impact

The vulnerability could lead to out-of-bounds memory access, allowing external input to disrupt normal operation or potentially exploit other vulnerabilities.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for upgrading the Linux kernel can be found in the official Linux kernel documentation.

Added: Jan 13, 2026, 4:58 PM
Updated: Jan 13, 2026, 4:58 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 5.3
remediation: 7.7
relevance: 2.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.