CVE-2024-36477

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-36477

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36477.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-36477

Downstream

BELL-CVE-2024-36477

DEBIAN-CVE-2024-36477

OESA-2024-1766

RHSA-2024:9315

SUSE-SU-2024:2372-1

SUSE-SU-2024:2394-1

SUSE-SU-2024:2571-1

SUSE-SU-2024:2896-1

SUSE-SU-2024:2939-1

SUSE-SU-2024:2973-1

UBUNTU-CVE-2024-36477

USN-6999-1

USN-6999-2

USN-7004-1

USN-7008-1

USN-7029-1

Related

Published

2024-06-21T12:15:11Z

Modified

2025-08-09T19:01:27Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

tpmtisspi: Account for SPI header when allocating TPM SPI xfer buffer

The TPM SPI transfer mechanism uses MAXSPIFRAMESIZE for computing the maximum transfer length and the size of the transfer buffer. As such, it does not account for the 4 bytes of header that prepends the SPI data frame. This can result in out-of-bounds accesses and was confirmed with KASAN.

Introduce SPI_HDRSIZE to account for the header and use to allocate the transfer buffer.

References

Affected packages