CVE-2025-68792
Description
In the Linux kernel, the following vulnerability has been resolved:
tpm2-sessions: Fix out of range indexing in name_size
'name_size' does not have any range checks, and it just directly indexes with TPM_ALG_ID, which could lead to memory corruption at worst.
Address the issue by only processing known values and returning -EINVAL for unrecognized values.
Also make 'tpm_buf_append_name' and 'tpm_buf_fill_hmac_session' fallible so that errors are detected before causing any spurious TPM traffic.
Also end the authorization session on failure in both of the functions, as the session state would then be by definition corrupted.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A missing range check on 'name_size' in the Linux kernel's TPM2 sessions code can lead to out-of-bounds memory access, potentially causing memory corruption.
Vulnerability
The Linux kernel's TPM2 sessions implementation contains an out-of-range indexing vulnerability in name_size. As the description above states, name_size has no range checks and indexes directly with a TPM_ALG_ID value, so a value outside the expected range is used as an index without any validation. This can lead to memory corruption if an attacker can supply a crafted value [1].
Exploitation
An attacker with the ability to influence TPM commands or session data could trigger this vulnerability by causing name_size to index with an invalid or out-of-range TPM_ALG_ID value. The lack of bounds checking means that the kernel may read or write beyond allocated memory structures, potentially leading to system instability or privilege escalation [1].
Impact
Successful exploitation could result in memory corruption, which might be leveraged to achieve arbitrary code execution in kernel context. The vulnerability affects systems using TPM2 hardware and the kernel's TPM session management code [1].
Mitigation
The fix adds validation to name_size: only known values are processed, and -EINVAL is returned for unrecognized values. Additionally, the functions tpm_buf_append_name and tpm_buf_fill_hmac_session are made fallible so that errors are detected before any TPM traffic occurs. The authorization session is also terminated on failure to prevent corrupted state [1]. Users should apply the kernel patch from the stable tree.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
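The pattern described above, as an added user-space example (a simplified model, not the kernel's code or the actual patch): a table indexed directly by a 16-bit TPM_ALG_ID beside a checked lookup and a fallible caller. The function names other than the concept of name_size, the choice of four SHA algorithms as the "known" set, and the -E2BIG capacity check are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* TPM_ALG_ID values from the TCG algorithm registry. */
enum { ALG_SHA1 = 0x0004, ALG_SHA256 = 0x000B, ALG_SHA384 = 0x000C, ALG_SHA512 = 0x000D };

/* A TPM name is a big-endian 16-bit TPM_ALG_ID followed by the digest. */
static uint16_t name_alg(const uint8_t *name) { return (uint16_t)((name[0] << 8) | name[1]); }

/* Unchecked model: 14-entry table, but the index can be any 16-bit value. */
static int name_size_unchecked(const uint8_t *name)
{
    static const uint8_t size_map[] = {
        [ALG_SHA1] = 20, [ALG_SHA256] = 32, [ALG_SHA384] = 48, [ALG_SHA512] = 64,
    };
    return size_map[name_alg(name)] + 2; /* reads past the table above 0x000D */
}

/* Checked model: only known algorithms are processed, everything else fails. */
static int name_size_checked(const uint8_t *name)
{
    switch (name_alg(name)) {
    case ALG_SHA1:   return 20 + 2;
    case ALG_SHA256: return 32 + 2;
    case ALG_SHA384: return 48 + 2;
    case ALG_SHA512: return 64 + 2;
    default:         return -EINVAL;
    }
}

/* Fallible caller model: fail before any byte reaches the command buffer. */
static int append_name(uint8_t *buf, size_t cap, size_t *len, const uint8_t *name)
{
    int n = name_size_checked(name);
    if (n < 0) return n; /* per the description, the fix also ends the auth session */
    if ((size_t)n > cap - *len) return -E2BIG;
    memcpy(buf + *len, name, (size_t)n);
    *len += (size_t)n;
    return 0;
}

int main(void)
{
    uint8_t buf[64], ok[34] = { 0x00, 0x0B }, bad[2] = { 0xFF, 0xFF }; /* constructed names */
    size_t len = 0;
    if (name_size_unchecked(ok) != 34 || append_name(buf, sizeof(buf), &len, ok) != 0)
        return 1;
    return append_name(buf, sizeof(buf), &len, bad) == -EINVAL && len == 34 ? 0 : 1;
}
```

In the unchecked model an ID that falls in a gap of the table, such as 0x0005, silently yields a size of 2 instead of an error, which is why the checked form rejects everything it does not recognize.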