Linux · Linux Kernel · CVE-2024-36477
**Name of the Vulnerable Software and Affected Versions**
Linux kernel (affected versions not specified)
**Description**
The issue is in the TPM SPI transfer mechanism in the Linux kernel, which does not account for the 4-byte header that is prepended to the SPI data frame. This can result in out-of-bounds accesses, which was confirmed with KASAN. The introduction of `SPI_HDRSIZE` is intended to account for the header and allocate the transfer buffer correctly.
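The sizing error described above, as an added user-space C example; it is not kernel code and not the project's patch. The 64-byte maximum payload, the header byte layout, the register address and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed for illustration: 4-byte header, 64-byte maximum payload. */
#define SPI_HDRSIZE        4
#define MAX_SPI_FRAMESIZE  64

/*
 * Build one write frame (header + payload) into iobuf, refusing any frame
 * that would not fit. Returns bytes written, or -1 on a size violation.
 */
static int build_frame(uint8_t *iobuf, size_t iobuf_len,
                       uint16_t addr, const uint8_t *data, size_t len)
{
    if (len == 0 || len > MAX_SPI_FRAMESIZE)
        return -1;
    if (iobuf_len < SPI_HDRSIZE || len > iobuf_len - SPI_HDRSIZE)
        return -1;                 /* header + payload exceed the buffer */

    iobuf[0] = (uint8_t)(len - 1); /* assumed layout: size field = len - 1 */
    iobuf[1] = 0xd4;               /* assumed layout: fixed address prefix */
    iobuf[2] = (uint8_t)(addr >> 8);
    iobuf[3] = (uint8_t)addr;
    memcpy(&iobuf[SPI_HDRSIZE], data, len);
    return (int)(SPI_HDRSIZE + len);
}

/* Buffer sized for the payload only: the shape of the bug described above. */
static int try_payload_only_buffer(size_t len)
{
    uint8_t iobuf[MAX_SPI_FRAMESIZE];
    uint8_t data[MAX_SPI_FRAMESIZE] = {0};   /* constructed sample payload */
    return build_frame(iobuf, sizeof(iobuf), 0x0024, data, len);
}

/* Buffer sized for header plus payload: the header-aware allocation. */
static int try_header_aware_buffer(size_t len)
{
    uint8_t iobuf[SPI_HDRSIZE + MAX_SPI_FRAMESIZE];
    uint8_t data[MAX_SPI_FRAMESIZE] = {0};   /* constructed sample payload */
    return build_frame(iobuf, sizeof(iobuf), 0x0024, data, len);
}

int main(void)
{
    /* Exit 0 when the undersized buffer rejects a full frame and the larger one accepts it. */
    return !(try_payload_only_buffer(64) == -1 && try_header_aware_buffer(64) == 68);
}
```

Without the explicit length check in `build_frame`, the payload-only buffer would be overrun by up to 4 bytes for any payload longer than 60 bytes, which is the class of access KASAN reports.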
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.