CVE-2024-36477

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-36477
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36477.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-36477
Downstream
Related
Published
2024-06-21T12:15:11Z
Modified
2025-08-09T19:01:27Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

tpmtisspi: Account for SPI header when allocating TPM SPI xfer buffer

The TPM SPI transfer mechanism uses MAXSPIFRAMESIZE for computing the maximum transfer length and the size of the transfer buffer. As such, it does not account for the 4 bytes of header that prepends the SPI data frame. This can result in out-of-bounds accesses and was confirmed with KASAN.

Introduce SPI_HDRSIZE to account for the header and use to allocate the transfer buffer.

References

Affected packages