A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | kernel | 2022-05-31 23:47 | ALAS-2022-1591 |
Amazon Linux 2 - Core | kernel | 2024-06-06 20:17 | ALAS2-2024-2569 |
Amazon Linux 2 - Kernel-5.10 Extra | kernel | 2023-06-29 23:21 | ALAS2KERNEL-5.10-2023-036 |
Amazon Linux 2 - Kernel-5.4 Extra | kernel | 2024-07-24 19:53 | ALAS2KERNEL-5.4-2024-076 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
NVD | CVSSv3 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |