FKIE_CVE-2025-68792

Vulnerability from fkie_nvd - Published: 2026-01-13 16:16 - Updated: 2026-04-15 00:35
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: tpm2-sessions: Fix out of range indexing in name_size 'name_size' does not have any range checks, and it just directly indexes with TPM_ALG_ID, which could lead into memory corruption at worst. Address the issue by only processing known values and returning -EINVAL for unrecognized values. Make also 'tpm_buf_append_name' and 'tpm_buf_fill_hmac_session' fallible so that errors are detected before causing any spurious TPM traffic. End also the authorization session on failure in both of the functions, as the session state would be then by definition corrupted.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/04a3aa6e8c5f878cc51a8a1c90b6d3c54079bc43
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/47e676ce4d68f461dfcab906f6aeb254f7276deb
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/6e9722e9a7bfe1bbad649937c811076acf86e1fd
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm2-sessions: Fix out of range indexing in name_size\n\n\u0027name_size\u0027 does not have any range checks, and it just directly indexes\nwith TPM_ALG_ID, which could lead into memory corruption at worst.\n\nAddress the issue by only processing known values and returning -EINVAL for\nunrecognized values.\n\nMake also \u0027tpm_buf_append_name\u0027 and \u0027tpm_buf_fill_hmac_session\u0027 fallible so\nthat errors are detected before causing any spurious TPM traffic.\n\nEnd also the authorization session on failure in both of the functions, as\nthe session state would be then by definition corrupted."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\ntpm2-sessions: Correcci\u00f3n de indexaci\u00f3n fuera de rango en name_size\n\n\u0027name_size\u0027 no tiene ninguna comprobaci\u00f3n de rango, y simplemente indexa directamente con TPM_ALG_ID, lo que podr\u00eda llevar a corrupci\u00f3n de memoria en el peor de los casos.\n\nAbordar el problema procesando solo valores conocidos y devolviendo -EINVAL para valores no reconocidos.\n\nHacer tambi\u00e9n \u0027tpm_buf_append_name\u0027 y \u0027tpm_buf_fill_hmac_session\u0027 falibles para que los errores sean detectados antes de causar cualquier tr\u00e1fico TPM espurio.\n\nFinalizar tambi\u00e9n la sesi\u00f3n de autorizaci\u00f3n en caso de fallo en ambas funciones, ya que el estado de la sesi\u00f3n estar\u00eda entonces por definici\u00f3n corrupto."
    }
  ],
  "id": "CVE-2025-68792",
  "lastModified": "2026-04-15T00:35:42.020",
  "metrics": {},
  "published": "2026-01-13T16:16:01.090",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/04a3aa6e8c5f878cc51a8a1c90b6d3c54079bc43"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/47e676ce4d68f461dfcab906f6aeb254f7276deb"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/6e9722e9a7bfe1bbad649937c811076acf86e1fd"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Deferred"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.