CVE-2026-45941
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk7th percentile - higher than 7% of all known CVEs
Summary
A vulnerability has been identified in the Linux kernel related to the get_burstcount() function, which can return -EBUSY on timeout. In this case, the function does not release the locality, potentially leading to locality leaks.
Risk Assessment
Locality leaks may allow unauthorized access to TPM resources, posing a risk to the integrity and confidentiality of data within the system.
Recommendation
It is recommended to update the Linux kernel to the latest version to mitigate this vulnerability and ensure proper locality management in the get_burstcount() function.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount() failure get_burstcount() can return -EBUSY on timeout. When this happens, the function returns directly without releasing the locality that was acquired at the beginning of tpm_tis_i2c_send(). Use goto out_err to ensure proper cleanup when get_burstcount() fails.

