Skip to main content

Linux Kernel CVE-2026-45941

| EUVDEUVD-2026-32225 MEDIUM
Memory Leak (CWE-401)
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-5p3c-43qg-83mf
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local access with standard privileges required to reach the TPM send path; no confidentiality or integrity impact, only TPM availability loss via locality exhaustion.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 24, 2026 - 17:26 vuln.today
CVSS changed
Jun 24, 2026 - 17:22 NVD
5.5 (MEDIUM)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:17 nvd
MEDIUM 5.5
CVE Published
May 27, 2026 - 14:17 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount() failure

get_burstcount() can return -EBUSY on timeout. When this happens, the function returns directly without releasing the locality that was acquired at the beginning of tpm_tis_i2c_send().

Use goto out_err to ensure proper cleanup when get_burstcount() fails.

AnalysisAI

TPM locality leak in the Linux kernel's tpm_i2c_infineon driver allows a local user on an affected system to exhaust TPM localities and render the TPM device unavailable. The tpm_tis_i2c_send() function acquires a TPM locality at entry but fails to release it when get_burstcount() times out with -EBUSY, causing a resource leak on every such timeout. Patches are available across multiple stable kernel branches; no public exploit code or active exploitation (CISA KEV) has been identified, and EPSS is 0.02% at the 7th percentile.

Technical ContextAI

The flaw is in drivers/char/tpm/tpm_i2c_infineon.c, the Linux kernel driver for Infineon I2C-connected Trusted Platform Module chips. TPM localities are hardware-enforced access control segments - a driver that acquires a locality must release it before returning to prevent resource exhaustion, making this a textbook CWE-401 (Improper Release of Memory Before Removing Last Reference, applied here to a hardware resource handle). The tpm_tis_i2c_send() send path acquires a locality at the top of the function, then calls get_burstcount() to determine the TPM's write burst capacity; if the TPM is busy and get_burstcount() times out returning -EBUSY, the original code returned immediately, skipping locality release. The upstream fix introduces a goto out_err cleanup path mirroring the existing success path's release logic. All CPE entries are cpe:2.3:o:linux:linux_kernel, covering affected kernel versions prior to the stable-branch patch points.

RemediationAI

Update to a patched kernel version on the applicable stable branch: 5.10.252+, 5.15.202+, 6.1.165+, 6.6.128+, 6.12.75+, 6.18.14+, 6.19.4+, or 7.0+. Upstream fix commits are available at https://git.kernel.org/stable/c/1a22048c1117cdfac185ba450aba67ed6b65dc87 and the companion commits listed in references; distribution vendors (Debian, Ubuntu, RHEL, SUSE) will ship backported kernel packages in their normal security update channels. For systems where an immediate kernel upgrade is not feasible, the tpm_i2c_infineon module can be blacklisted by adding 'blacklist tpm_i2c_infineon' to /etc/modprobe.d/ and rebuilding the initramfs - note this disables all TPM-dependent operations including disk encryption key unsealing (LUKS via TPM), measured boot/remote attestation, and any application using the TPM via /dev/tpm0 or /dev/tpmrm0, which may violate security policy or prevent system boot on configurations relying on TPM-sealed keys.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Not-Affected

Share

CVE-2026-45941 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy