CVE-2024-49858

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58

Description: A vulnerability in the Linux kernel has been fixed, related to the TPM event log table, a Linux-specific construct where data produced by the GetEventLog() boot service is cached in memory and passed on to the OS using an EFI configuration table. The use of EFI LOADER DATA results in the region being left unreserved in the E820 memory map, which can lead to corruption and potentially crash the kernel. The fix involves using EFI ACPI RECLAIM MEMORY instead, which is always treated as reserved by the E820 conversion logic.

Recommendations: For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider disabling the use of EFI LOADER DATA for the TPM event log table until a patch is available. Restrict access to the TPM event log table to minimize the risk of exploitation. Avoid using the GetEventLog() boot service in the affected kernel versions until the issue is resolved.