Mimi Zohar

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A potential integer overflow issue has been identified in the Linux kernel, specifically in the ima appraise measurement function when ima-modsig is enabled. This occurs because the rc passed to evm verifyxattr() may be negative, leading to the integer overflow problem. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.10.33 and 5.11.17 **Description** The issue is related to the KEYS: trusted: Fix TPM reservation for seal/unseal in the Linux kernel. The original patch was correct but got rebased, causing the loss of `tpm try get ops()` in `tpm2 seal trusted()`. This results in an imbalanced put of the TPM ops and causes oopses on TIS based hardware. The fix puts back the lost `tpm try get ops()`. **Recommendations** To resolve the issue, update the Linux kernel to version 5.10.33 or 5.11.17, or later. As a temporary workaround, consider restricting access to the `tpm2 seal trusted()` function until a patch is available. Additionally, avoid using the `tpm try get ops()` function in the affected API endpoints until the issue is resolved.