CVE-2024-49851
📋 TL;DR
A bug in the Linux kernel's TPM (Trusted Platform Module) resource manager (the per-client "TPM space" behind /dev/tpmrm0) leaks transient object handles when transmission of a TPM command fails. Before sending a command the driver loads the client's saved object contexts into the TPM; if the transmission then fails, that preparation was never rolled back, and if the client closes the device without sending another command the loaded objects stay in the TPM with nothing tracking them. Affected are Linux systems with a TPM 2.0 device, hardware or emulated. The impact is exhaustion of the TPM's small pool of transient object slots, that is, denial of TPM service to every user on the host until the TPM is reset.
💻 Affected Systems
- Linux kernel (TPM 2.0 resource manager, the per-client space behind /dev/tpmrm0; mainline and the stable branches covered by the fix commits below)
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
All of the TPM's transient object slots (PC Client TPMs guarantee only three) are consumed by leaked handles. Every operation that then needs to load a key or object into the TPM fails with TPM_RC_OBJECT_MEMORY, so TPM-backed disk unlocking, attestation, key sealing and trusted keys stop working on the host until the TPM is reset by a reboot. The kernel itself keeps running: this is a denial of service of TPM functionality, not a kernel crash.
Likely Case
Handles leak one at a time as transmission failures occur, so TPM-dependent services degrade gradually and unpredictably; each leaked handle holds its slot until the TPM is reset, which in practice means a reboot.
If Mitigated
Minimal impact where the TPM is unused, where only trusted services can open the TPM device nodes, or where hosts reboot regularly; a reboot resets the TPM and clears leaked handles.
🎯 Exploit Status
No public exploit is listed. The bug is local: triggering it requires opening the TPM resource-manager device (/dev/tpmrm0, normally restricted to root or the tss group) and having a command fail inside the driver after the client's objects were loaded. A client with that access may be able to use up the TPM's transient slots for every user of the host, and the same leak also happens by accident when the TPM times out or the bus reports an error, so unpatched hosts can degrade without any attacker involved. There is no network exposure.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits: 2c9b228938e9266a1065a3f4fe5c99b7235dc439, 3f9f72d843c92fb6f4ff7460d774413cde7f254c, 82478cb8a23bd4f97935bbe60d64528c6d9918b4, 87e8134c18977b566f4ec248c8a147244da69402, adf4ce162561222338cf2c9a2caa294527f7f721
Vendor Advisory: https://git.kernel.org/stable/c/2c9b228938e9266a1065a3f4fe5c99b7235dc439
Restart Required: Yes
Instructions:
1. Update the kernel to a build that contains the fix commits. Upstream version numbers are not a reliable test on their own: distributions that backport (Debian LTS, RHEL-style kernels) keep a low base version and name the CVE in the package changelog or advisory instead.
2. Check with your distribution vendor for the specific patched package version; the Debian LTS advisories in the references are two examples.
3. Reboot after the kernel update. The reboot also resets the TPM, which clears any handles already leaked.
🔧 Temporary Workarounds
Disable TPM functionality
Only where nothing on the host depends on the TPM: TPM-backed disk unlocking (systemd-cryptenroll, clevis), measured boot and attestation, and TPM-bound keys all stop working. Blacklisting the core tpm module alone is not enough, because modprobe still loads it as a dependency of the bus drivers (tpm_tis, tpm_crb); an install override refuses it even then. On kernels that build the TPM driver in (CONFIG_TCG_TPM=y) neither has any effect, and restricting access to the device nodes (see below) is the remaining option. The initramfs command is the Debian/Ubuntu one; dracut-based distributions run dracut -f instead.
echo 'install tpm /bin/false' > /etc/modprobe.d/blacklist-tpm.conf
update-initramfs -u
reboot
Regular system reboots
A platform reset clears the TPM's transient objects, so a reboot recovers the leaked slots. This bounds the damage but does not stop a client from exhausting the slots between reboots. A weekly entry in root's crontab (crontab -e):
# Add to crontab: 0 0 * * 0 /sbin/reboot
🧯 If You Can't Patch
- Monitor the TPM's free transient-object slots (TPM2_PT_HR_TRANSIENT_AVAIL, readable with tpm2_getcap properties-variable) and alert when the count drops below the value seen on a freshly booted host; leaked handles show up as a permanent drop, and zero means every TPM key load on the host now fails
- Restrict /dev/tpm0 and /dev/tpmrm0 to root and a dedicated group (the tss group that tpm2-tss packages typically create) so that only trusted services can issue TPM commands; the leak can only be triggered by a process that can open the device
🔍 How to Verify
Check if Vulnerable:
Compare the running kernel version with your distribution's patched package version, not with upstream numbers alone (backporting distributions keep a low base version). Then confirm a TPM is actually in use: lsmod | grep tpm only lists modular drivers, so also check that /sys/class/tpm/tpm0 and /dev/tpmrm0 exist; a host with no TPM device registered is not exposed.
Check Version:
uname -r
Verify Fix Applied:
Confirm that the running kernel package's changelog or your vendor's advisory names CVE-2024-49851, or that the version is at or above the patched version given in that advisory; then exercise the TPM through /dev/tpmrm0 after the reboot to confirm it still responds
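The version check above is only as good as the number you compare against, and this page gives none. The script below is an added example written for this page, not taken from the advisory or from the kernel project: it takes the patched version from your distribution's advisory as its argument, falls back to the package changelog for distributions that backport, and checks sysfs rather than lsmod so a built-in driver is not missed. The rpm/apt changelog commands, and the assumption that backported fixes cite the CVE id in the changelog, are mine, not the page's.

```sh
#!/bin/sh
# Added triage script for CVE-2024-49851; example code written for this page,
# not from the advisory or the kernel project. The page lists fix commits but
# no kernel version numbers, so the patched version floor comes from your
# distribution's advisory and is passed as $1. Assumed here, not stated on
# the page: distribution kernel changelogs (rpm --changelog, apt-get
# changelog) name the CVE id when the fix is backported.

# Reduce a kernel release string to its numeric prefix:
# "6.11.0-generic" -> "6.11.0", "5.14.0-427.el9.x86_64" -> "5.14.0".
kver_numeric() {
    printf '%s' "$1" | sed 's/[^0-9.].*//'
}

# Numeric comparison of dotted versions; returns 0 when $1 >= $2.
# ".0.0" is appended so missing components compare as 0 ("6.11" == "6.11.0").
kver_ge() {
    a="$(kver_numeric "$1").0.0"
    b="$(kver_numeric "$2").0.0"
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s\n' "$a" | cut -d. -f"$i")
        y=$(printf '%s\n' "$b" | cut -d. -f"$i")
        x=${x:-0}; y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# Does a package changelog (read from stdin) mention the CVE?
changelog_has_cve() {
    grep -q 'CVE-2024-49851'
}

# Is a TPM registered with this kernel at all? Built-in drivers never appear
# in lsmod, so look at sysfs rather than the module list.
tpm_present() {
    for d in /sys/class/tpm/tpm[0-9]*; do
        [ -e "$d" ] && return 0
    done
    return 1
}

# Verdict for a running kernel: "fixed" when the version reaches the floor or
# the changelog names the CVE, otherwise "vulnerable", meaning no evidence of
# the fix was found (backporting distributions keep a low base version, which
# is why the changelog check exists).
assess() {   # $1 = running version, $2 = fixed floor, $3 = changelog text
    if kver_ge "$1" "$2"; then
        echo fixed
    elif printf '%s\n' "$3" | changelog_has_cve; then
        echo fixed
    else
        echo vulnerable
    fi
}

main() {
    floor=${1:?usage: $0 <fixed-kernel-version-from-your-distro-advisory>}
    if ! tpm_present; then
        echo "no TPM registered in /sys/class/tpm: not exposed"
        return 0
    fi
    running=$(uname -r)
    changelog=""
    if command -v rpm >/dev/null 2>&1; then
        changelog=$(rpm -q --changelog "kernel-core-$running" 2>/dev/null || true)
    elif command -v apt-get >/dev/null 2>&1; then
        # needs network access to the distribution's changelog server
        changelog=$(apt-get changelog "linux-image-$running" 2>/dev/null || true)
    fi
    echo "kernel $running: $(assess "$running" "$floor" "$changelog")"
}

# Run only when invoked with the floor argument, so sourcing the file is harmless.
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

Run it as root with the version from your vendor's advisory (sh tpm-cve-check.sh <version>). A "vulnerable" verdict means no evidence of the fix was found; on a backporting distribution, confirm against the vendor advisory before acting on it, since the changelog wording is the weakest part of the check.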
📡 Detection & Monitoring
Log Indicators:
- Kernel messages from the tpm driver reporting transmit failures (for example tpm tpm0: tpm_try_transmit: send(): error -N, or TPM timeouts); these mark the trigger condition, the leak itself writes nothing to the log
- TPM_RC_OBJECT_MEMORY errors (0x902; the kernel driver reports it as 0x0902 or as decimal 2306 depending on the path) from the kernel's own TPM users or from userspace TPM consumers such as tpm2-tools, attestation agents or systemd-cryptsetup; these mean the transient slots are already exhausted
Network Indicators:
- None - this is a local resource management issue
SIEM Query:
source="kernel" AND ("TPM" OR "tpm") AND ("error" OR "fail" OR "timeout" OR "0x0902" OR "A TPM error (2306)")
🔗 References
- https://git.kernel.org/stable/c/2c9b228938e9266a1065a3f4fe5c99b7235dc439
- https://git.kernel.org/stable/c/3f9f72d843c92fb6f4ff7460d774413cde7f254c
- https://git.kernel.org/stable/c/82478cb8a23bd4f97935bbe60d64528c6d9918b4
- https://git.kernel.org/stable/c/87e8134c18977b566f4ec248c8a147244da69402
- https://git.kernel.org/stable/c/adf4ce162561222338cf2c9a2caa294527f7f721
- https://git.kernel.org/stable/c/c84ceb546f30432fccea4891163f7050f5bee5dd
- https://git.kernel.org/stable/c/e3aaebcbb7c6b403416f442d1de70d437ce313a7
- https://git.kernel.org/stable/c/ebc4e1f4492d114f9693950621b3ea42b2f82bec
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html