CVE-2024-36477
📋 TL;DR
A buffer overflow vulnerability in the Linux kernel's TPM SPI driver allows out-of-bounds memory access when processing SPI transfers. This affects systems using TPM hardware over SPI interfaces. Attackers could potentially crash the kernel or execute arbitrary code.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic, system crash, or arbitrary code execution with kernel privileges leading to complete system compromise.
Likely Case
System instability, kernel crashes, or denial of service affecting TPM functionality.
If Mitigated
Limited impact if systems have proper memory protection mechanisms like KASAN enabled.
🎯 Exploit Status
Requires local access and ability to interact with TPM SPI hardware. Exploitation depends on specific hardware configuration.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits 1547183852dcdfcc25878db7dd3620509217b0cd or 195aba96b854dd664768f382cd1db375d8181f88
Vendor Advisory: https://git.kernel.org/stable/c/1547183852dcdfcc25878db7dd3620509217b0cd
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version.
2. Check distribution-specific security advisories.
3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable TPM SPI module
Prevent loading of the vulnerable tpm_tis_spi kernel module
echo 'blacklist tpm_tis_spi' >> /etc/modprobe.d/blacklist-tpm.conf
rmmod tpm_tis_spi
🧯 If You Can't Patch
- Disable TPM functionality if not required
- Implement strict access controls to prevent unauthorized local access
🔍 How to Verify
Check if Vulnerable:
Check the kernel version and whether the tpm_tis_spi module is loaded: lsmod | grep tpm_tis_spi
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes fix commits or check if tpm_tis_spi module is blacklisted
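The module and blacklist checks above can be combined into one script. This is an added example, not part of the original advisory: the function names and the four reported states are illustrative, and it inspects only the modprobe.d directory it is given (default /etc/modprobe.d). It also reports when the driver is built into the kernel, in which case a blacklist entry and rmmod have no effect.

```shell
#!/bin/sh
# Added example: report the state of the tpm_tis_spi workaround.
# Function names and states are illustrative. File paths are parameters so
# the checks can run against copies; empty arguments fall back to the live system.
MODULE=tpm_tis_spi

# True if the module appears in a /proc/modules-style list.
module_loaded() {
    grep -q "^${MODULE} " "${1:-/proc/modules}" 2>/dev/null
}

# True if the driver is compiled into the kernel (listed in modules.builtin).
# A built-in driver is unaffected by blacklist entries and rmmod.
module_builtin() {
    grep -q "/${MODULE}\.ko\$" "${1:-/lib/modules/$(uname -r)/modules.builtin}" 2>/dev/null
}

# True if an uncommented "blacklist tpm_tis_spi" line exists in the directory.
module_blacklisted() {
    grep -Eq "^[[:space:]]*blacklist[[:space:]]+${MODULE}[[:space:]]*\$" \
        "${1:-/etc/modprobe.d}"/*.conf 2>/dev/null
}

# Usage: workaround_state [proc_modules] [modules.builtin] [modprobe.d dir]
# Prints one of: builtin, loaded, blacklisted, loadable.
workaround_state() {
    if module_builtin "$2"; then
        echo builtin
    elif module_loaded "$1"; then
        echo loaded
    elif module_blacklisted "$3"; then
        echo blacklisted
    else
        echo loadable
    fi
}

workaround_state "$@"
```

A result of "blacklisted" means the workaround is in place; "loaded" means the module still needs to be removed with rmmod, whether or not a blacklist entry exists.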
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- KASAN out-of-bounds access reports
- TPM driver error messages
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("panic" OR "KASAN" OR "out-of-bounds" OR "tpm_tis_spi")
🔗 References
- https://git.kernel.org/stable/c/1547183852dcdfcc25878db7dd3620509217b0cd
- https://git.kernel.org/stable/c/195aba96b854dd664768f382cd1db375d8181f88
- https://git.kernel.org/stable/c/de13c56f99477b56980c7e00b09c776d16b7563d