CVE-2021-46922

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.10.33 and 5.11.17

Description The issue is related to the KEYS: trusted: Fix TPM reservation for seal/unseal in the Linux kernel. The original patch was correct but got rebased, causing the loss of tpm try get ops() in tpm2 seal trusted(). This results in an imbalanced put of the TPM ops and causes oopses on TIS based hardware. The fix puts back the lost tpm try get ops().

Recommendations To resolve the issue, update the Linux kernel to version 5.10.33 or 5.11.17, or later. As a temporary workaround, consider restricting access to the tpm2 seal trusted() function until a patch is available. Additionally, avoid using the tpm try get ops() function in the affected API endpoints until the issue is resolved.