Vigil@nce: Linux kernel, memory disclosure via TPM
March 2011 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
A local attacker can use TPM features to read a fragment of kernel
memory.
– Severity: 1/4
– Creation date: 14/03/2011
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
Processors can implement the TPM (Trusted Platform Module)
specification, which provides integrity and encryption features.
The drivers/char/tpm/tpm.c file of the Linux kernel does not
correctly initialize memory areas returned to the user:
– in the tpm_open() function
– in the tpm_transmit() and tpm_write() functions
– in the tpm_read() function
A local attacker can therefore use TPM features to read a fragment
of kernel memory.
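The class of bug described above, as an added example (not the kernel's tpm.c code and not part of the bulletin): a simplified userspace model of a driver buffer that is handed out uninitialized and read back in full, next to a version that zeroes it on allocation and copies only what the device wrote. All names (slot, chan, open_vuln, open_fixed, read_vuln, read_fixed) and the sample bytes are hypothetical and constructed.

```c
#include <stdio.h>
#include <string.h>
#define BUFSZ 32
/* Constructed stand-in for a heap slot still holding an earlier user's data. */
static unsigned char slot[BUFSZ];
struct chan { unsigned char *buf; size_t resp_len; };

/* Vulnerable open: buffer handed out as-is (kmalloc-style, not cleared). */
static void open_vuln(struct chan *c) { c->buf = slot; c->resp_len = 0; }
/* Hardened open: buffer zeroed on allocation (kzalloc-style). */
static void open_fixed(struct chan *c) { memset(slot, 0, BUFSZ); open_vuln(c); }

/* The device writes a reply that is shorter than the buffer. */
static void transmit(struct chan *c, const unsigned char *resp, size_t n) {
    if (n > BUFSZ) n = BUFSZ;
    memcpy(c->buf, resp, n);
    c->resp_len = n;
}
/* Vulnerable read: copies as many bytes as the caller asked for. */
static size_t read_vuln(struct chan *c, unsigned char *out, size_t want) {
    if (want > BUFSZ) want = BUFSZ;
    memcpy(out, c->buf, want);
    return want;
}
/* Hardened read: copies only what the device wrote, then wipes the buffer. */
static size_t read_fixed(struct chan *c, unsigned char *out, size_t want) {
    size_t n = want < c->resp_len ? want : c->resp_len;
    memcpy(out, c->buf, n);
    memset(c->buf, 0, BUFSZ);
    c->resp_len = 0;
    return n;
}
/* Runs one open/transmit/read cycle; returns how many stale bytes came back. */
static size_t stale_bytes_returned(int hardened) {
    struct chan c; unsigned char out[BUFSZ] = {0};
    const unsigned char resp[4] = {0x00, 0xC4, 0x00, 0x04}; /* constructed reply */
    size_t n, i, k = 0;
    memset(slot, 'S', BUFSZ);               /* constructed stale contents */
    if (hardened) open_fixed(&c); else open_vuln(&c);
    transmit(&c, resp, sizeof resp);
    n = hardened ? read_fixed(&c, out, BUFSZ) : read_vuln(&c, out, BUFSZ);
    for (i = 0; i < n; i++) if (out[i] == 'S') k++;
    return k;
}
int main(void) {
    printf("vulnerable: %zu stale bytes\n", stale_bytes_returned(0));
    printf("hardened:   %zu stale bytes\n", stale_bytes_returned(1));
    return 0;
}
```

Either hardening step alone closes the leak in this model; applying both means a later short reply cannot expose an earlier, longer one.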
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-memory-disclosure-via-TPM-10453