CVE-2022-50824

Vulnerability

In the Linux kernel's TPM TIS driver of the Linux kernel, the function check_acpi_tpm2() retrieves the TPM2 ACPI table to verify its existence during initialization but fails to release the table after use. The missing acpi_put_table() call results in a memory leak, as the ACPI table mappings are not freed [1][1] properly freed.

Exploitation

This is a memory leak vulnerability that occurs during system boot when the TPM TIS driver initializes. No special privileges or network access are required; the leak happens automatically on systems with a TPM2 device and an ACPI table. The attack surface is limited to local exploitation that could lead to resource exhaustion over time.

Impact

An attacker with local access could exploit this leak to gradually deplete system memory, potentially causing denial of service (DoS) by exhausting available memory resources. The vulnerability does not allow code execution or privilege escalation.

Mitigation

The fix adds the missing acpi_put_table() call to release the ACPI table mapping after initialization. Patches have been applied to the Linux kernel stable branches [2][3]. Users should update to a kernel version containing the fix.