CVE-2024-42255 Information

Description

In the Linux kernel the following vulnerability has been resolved:

tpm: Use auth only after NULL check in tpm_buf_check_hmac_response()

Dereference auth after NULL check in tpm_buf_check_hmac_response(). Otherwise unless tpm2_sessions_init() was called a call can cause NULL dereference when TCG_TPM2_HMAC is enabled.

[jarkko: adjusted the commit message.]

Reference

https://git.kernel.org/stable/c/b9afbb9a0c734197c59c43610071041044bf1562 https://git.kernel.org/stable/c/7dc357d343f134bf59815ff6098b93503ec8a23b