CVE-2025-23149
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-23149
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-23149.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-23149
- Related
- Published
- 2025-05-01T13:15:50Z
- Modified
- 2025-05-05T17:54:34.480718Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
tpm: do not start chip while suspended
Checking TPMCHIPFLAGSUSPENDED after the call to tpmfindgetops() can lead to a spurious tpmchipstart() call:
[35985.503771] i2c i2c-1: Transfer while suspended [35985.503796] WARNING: CPU: 0 PID: 74 at drivers/i2c/i2c-core.h:56 i2ctransfer+0xbe/0x810 [35985.503802] Modules linked in: [35985.503808] CPU: 0 UID: 0 PID: 74 Comm: hwrng Tainted: G W 6.13.0-next-20250203-00005-gfa0cb5642941 #19 9c3d7f78192f2d38e32010ac9c90fdc71109ef6f [35985.503814] Tainted: [W]=WARN [35985.503817] Hardware name: Google Morphius/Morphius, BIOS GoogleMorphius.13434.858.0 10/26/2023 [35985.503819] RIP: 0010:i2ctransfer+0xbe/0x810 [35985.503825] Code: 30 01 00 00 4c 89 f7 e8 40 fe d8 ff 48 8b 93 80 01 00 00 48 85 d2 75 03 49 8b 16 48 c7 c7 0a fb 7c a7 48 89 c6 e8 32 ad b0 fe <0f> 0b b8 94 ff ff ff e9 33 04 00 00 be 02 00 00 00 83 fd 02 0f 5 [35985.503828] RSP: 0018:ffffa106c0333d30 EFLAGS: 00010246 [35985.503833] RAX: 074ba64aa20f7000 RBX: ffff8aa4c1167120 RCX: 0000000000000000 [35985.503836] RDX: 0000000000000000 RSI: ffffffffa77ab0e4 RDI: 0000000000000001 [35985.503838] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [35985.503841] R10: 0000000000000004 R11: 00000001000313d5 R12: ffff8aa4c10f1820 [35985.503843] R13: ffff8aa4c0e243c0 R14: ffff8aa4c1167250 R15: ffff8aa4c1167120 [35985.503846] FS: 0000000000000000(0000) GS:ffff8aa4eae00000(0000) knlGS:0000000000000000 [35985.503849] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [35985.503852] CR2: 00007fab0aaf1000 CR3: 0000000105328000 CR4: 00000000003506f0 [35985.503855] Call Trace: [35985.503859] <TASK> [35985.503863] ? _warn+0xd4/0x260 [35985.503868] ? _i2ctransfer+0xbe/0x810 [35985.503874] ? reportbug+0xf3/0x210 [35985.503882] ? handlebug+0x63/0xb0 [35985.503887] ? excinvalidop+0x16/0x50 [35985.503892] ? asmexcinvalidop+0x16/0x20 [35985.503904] ? _i2ctransfer+0xbe/0x810 [35985.503913] tpmcr50i2ctransfermessage+0x24/0xf0 [35985.503920] tpmcr50i2cread+0x8e/0x120 [35985.503928] tpmcr50requestlocality+0x75/0x170 [35985.503935] tpmchipstart+0x116/0x160 [35985.503942] tpmtrygetops+0x57/0x90 [35985.503948] tpmfindgetops+0x26/0xd0 [35985.503955] tpmget_random+0x2d/0x80
Don't move forward with tpmchipstart() inside tpmtrygetops(), unless TPMCHIPFLAGSUSPENDED is not set. tpmfindget_ops() will return NULL in such a failure case.
- References
-
- https://git.kernel.org/stable/c/1404dff1e11bf927b70ac25e1de97bed9742ede4
- https://git.kernel.org/stable/c/17d253af4c2c8a2acf84bb55a0c2045f150b7dfd
- https://git.kernel.org/stable/c/e74e2394eed90aff5c3a08c1f51f476d4de71d02
- https://git.kernel.org/stable/c/f1044e995b64d70ef90ef6f2b89955b127497702
- https://git.kernel.org/stable/c/f3cb81cb96d587f9f235a11789d1ec0992643078
- https://security-tracker.debian.org/tracker/CVE-2025-23149
Affected packages
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.12.25-1