PT-2024-5401 · Linux+5 · Linux Kernel+5

Published

2024-05-21

·

Updated

2025-10-01

·

CVE-2024-36975

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to the incorrect handling of the return code of the asn1 encode sequence() function in the Trusted Platform Module (TPM) subsystem of the Linux kernel. When asn1 encode sequence() fails, using WARN is not the correct solution because it is not an internal function, the location is known which makes the stack trace useless, and it results in a crash if panic on warn is set. The use of WARN is also undocumented and should be avoided unless there is a carefully considered rationale to use it. Instead, pr err should be used to print the return value, which is the only useful piece of information.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-19

Related Identifiers

BDU:2024-06045
CVE-2024-36975
MGASA-2024-0263
MGASA-2024-0266
OESA-2024-1766
OPENSUSE-SU-2024_2372-1
OPENSUSE-SU-2024_2394-1
SUSE-SU-2024:2372-1
SUSE-SU-2024:2394-1
SUSE-SU-2024:2571-1
SUSE-SU-2024:2896-1
SUSE-SU-2024:2939-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
USN-6949-1
USN-6949-2
USN-6950-1
USN-6950-2
USN-6950-3
USN-6950-4
USN-6952-1
USN-6952-2
USN-6955-1
USN-6956-1
USN-6957-1
USN-7019-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu