CVE Catalog

CVE-2026-45941

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

7th percentile - higher than 7% of all known CVEs

Summary

A vulnerability has been identified in the Linux kernel related to the get_burstcount() function, which can return -EBUSY on timeout. In this case, the function does not release the locality, potentially leading to locality leaks.

Risk Assessment

Locality leaks may allow unauthorized access to TPM resources, posing a risk to the integrity and confidentiality of data within the system.

Recommendation

It is recommended to update the Linux kernel to the latest version to mitigate this vulnerability and ensure proper locality management in the get_burstcount() function.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount() failure get_burstcount() can return -EBUSY on timeout. When this happens, the function returns directly without releasing the locality that was acquired at the beginning of tpm_tis_i2c_send(). Use goto out_err to ensure proper cleanup when get_burstcount() fails.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS