CVE-2024-42255

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Aug 8, 2024
Updated: Sep 6, 2024
CWE ID 476

Summary

CVE-2024-42255 is a vulnerability in the Linux kernel's TPM subsystem. The function tpm_buf_check_hmac_response() performs a NULL check on the 'auth' parameter, but dereferences it before that check has confirmed it is not NULL. If tpm2_sessions_init() has not been called, this sequence can result in a NULL pointer dereference when TCG_TPM2_HMAC is enabled.
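The ordering problem described in the summary, shown as an added example in C. It is a simplified user-space model, not the kernel's source: struct model_auth, struct model_chip, model_sessions_init() and both check_response_*() functions are hypothetical names, and -5 and 0x17B are constructed sample values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for the kernel's chip and HMAC session state. */
struct model_auth { uint32_t ordinal; };
struct model_chip { struct model_auth *auth; };  /* NULL until sessions are set up */

/* Models the role of tpm2_sessions_init(): chip->auth is valid only afterwards. */
static void model_sessions_init(struct model_chip *chip,
                                struct model_auth *storage, uint32_t ordinal)
{
    storage->ordinal = ordinal;
    chip->auth = storage;
}

/* Flawed ordering: auth is read before the NULL check can reject it. */
int check_response_flawed(struct model_chip *chip, int rc, uint32_t *cc_out)
{
    struct model_auth *auth = chip->auth;
    uint32_t cc = auth->ordinal;  /* faults here when auth == NULL */
    if (!auth)                    /* too late to protect the read above */
        return rc;
    *cc_out = cc;
    return 0;
}

/* Corrected ordering: check first, touch auth only on the non-NULL path. */
int check_response_fixed(struct model_chip *chip, int rc, uint32_t *cc_out)
{
    struct model_auth *auth = chip->auth;
    if (!auth)
        return rc;                /* no session state: pass rc through unchanged */
    *cc_out = auth->ordinal;
    return 0;
}

int main(void)
{
    struct model_chip chip = { NULL };
    struct model_auth storage;
    uint32_t cc = 0;
    int rc = check_response_fixed(&chip, -5, &cc);  /* sessions never initialised */
    printf("no session: rc=%d\n", rc);
    model_sessions_init(&chip, &storage, 0x17B);    /* constructed sample ordinal */
    rc = check_response_fixed(&chip, -5, &cc);
    printf("session:    rc=%d cc=0x%X\n", rc, (unsigned)cc);
    return 0;
}
```

Because the flawed variant reads through the pointer first, a compiler is also entitled to treat the later NULL check as dead code, so the check offers no protection even in builds where the read happens not to fault.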
