CVE-2022-48997

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.0-rc5+

Description The issue is related to the tpm pm suspend() function in the Linux kernel, which may lead to races with other tpm accessors in the system. Specifically, the hw random tpm driver makes use of tpm get random(), and this function is called in a loop from a kthread, which means it's not frozen alongside userspace, and so can race with the work done during system suspend. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. The function tpm pm suspend() is vulnerable, and the tpm get random() function is called in a loop from a kthread. To fix this, the tpm try get ops() function is called, which itself is a wrapper around tpm chip start(), but takes the appropriate mutex.

Recommendations For Linux kernel versions prior to 6.1.0-rc5+, consider updating to a newer version to mitigate the risk. As a temporary workaround, consider disabling the tpm pm suspend() function until a patch is available. Restrict access to the tpm get random() function to minimize the risk of exploitation.