Unrated severityNVD Advisory· Published Jun 21, 2012· Updated Apr 29, 2026
CVE-2011-1160
CVE-2011-1160
Description
The tpm_open function in drivers/char/tpm/tpm.c in the Linux kernel before 2.6.39 does not initialize a certain buffer, which allows local users to obtain potentially sensitive information from kernel memory via unspecified vectors.
Affected products
17cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: <=2.6.38.8
- cpe:2.3:o:linux:linux_kernel:2.6.38:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.38.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.38.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.38.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.38.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.38.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.38.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.38.7:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.38:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.38:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.38:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.38:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.38:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.38:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.38:rc7:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.38:rc8:*:*:*:*:*:*
Patches
11309d7afbed1char/tpm: Fix unitialized usage of data buffer
1 file changed · +1 −1
drivers/char/tpm/tpm.c+1 −1 modified@@ -980,7 +980,7 @@ int tpm_open(struct inode *inode, struct file *file) return -EBUSY; } - chip->data_buffer = kmalloc(TPM_BUFSIZE * sizeof(u8), GFP_KERNEL); + chip->data_buffer = kzalloc(TPM_BUFSIZE, GFP_KERNEL); if (chip->data_buffer == NULL) { clear_bit(0, &chip->is_open); put_device(chip->dev);
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5News mentions
0No linked articles in our index yet.