CVE-2025-71147
📋 TL;DR
This CVE describes a memory leak vulnerability in the Linux kernel's trusted keys subsystem. When the tpm2_load_cmd function fails to load a key, it doesn't properly free temporary memory allocations, potentially leading to kernel memory exhaustion. This affects Linux systems using the trusted keys subsystem with TPM2 hardware.
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
An attacker could trigger repeated failed key loading attempts to exhaust kernel memory, causing system instability, denial of service, or kernel panic.
Likely Case
Accidental or repeated failed key loading operations could gradually consume kernel memory, leading to system performance degradation or eventual crashes.
If Mitigated
With proper access controls and monitoring, the impact is limited to potential performance issues from legitimate failed operations.
🎯 Exploit Status
Exploitation requires local access and ability to trigger trusted key operations. No public exploit code is known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple stable kernel versions with fixes available (see references)
Vendor Advisory: https://git.kernel.org/stable/c/19166de9737218b77122c41a5730ac87025e089f
Restart Required: Yes
Instructions:
1. Update the Linux kernel to the patched version from your distribution's repositories.
2. Reboot the system to load the new kernel.
3. Verify that the running kernel version matches the patched release.
🔧 Temporary Workarounds
Disable trusted keys subsystem (linux)
Prevent use of the vulnerable trusted keys functionality:
echo 'blacklist trusted' >> /etc/modprobe.d/blacklist.conf
rmmod trusted
Restrict trusted key operations (linux)
Limit which users can perform trusted key operations:
chmod 600 /sys/kernel/security/tpm*
setfacl -m u:root:rw /sys/kernel/security/tpm*
🧯 If You Can't Patch
- Implement strict access controls to prevent unauthorized users from performing trusted key operations
- Monitor kernel memory usage and system logs for signs of memory exhaustion or repeated failed key operations
🔍 How to Verify
Check if Vulnerable:
Check whether the trusted module is loaded: lsmod | grep trusted. Compare the kernel version against the patched releases.
Check Version:
uname -r
Verify Fix Applied:
Verify that the kernel version matches a patched release and that the trusted module still functions correctly with test key operations.
📡 Detection & Monitoring
Log Indicators:
- Kernel oom-killer messages
- System memory exhaustion warnings
- Failed trusted key operations in kernel logs
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
source="kernel" AND ("oom-killer" OR "Out of memory" OR "trusted: tpm2_load_cmd failed")
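As an added example (not from the advisory or the kernel project), a small POSIX shell script that performs the checks under How to Verify and Detection & Monitoring: it reports whether the trusted key type is loaded, built in, or absent, and counts the log indicators listed above. It consults modules.builtin because a built-in trusted key type never appears in lsmod and cannot be blacklisted or removed with rmmod. The file paths, the KERNEL_LOG variable and the sample inputs are assumptions.

```shell
#!/bin/sh
# Added exposure check for CVE-2025-71147 (hypothetical helper, not from the
# advisory or the kernel tree). Functions take file paths so they can be run
# against constructed inputs as well as the live /proc and /lib files.

# trusted_module_state: $1 = module list (/proc/modules format),
# $2 = modules.builtin list. Prints loaded, builtin or absent.
# A built-in trusted key type never shows up in lsmod and cannot be
# removed with rmmod or blacklisted, so that case is reported separately.
trusted_module_state() {
  if grep -q '^trusted ' "$1" 2>/dev/null; then
    echo loaded
  elif grep -q '/trusted\.ko' "$2" 2>/dev/null; then
    echo builtin
  else
    echo absent
  fi
}

# scan_kernel_log: count lines in $1 matching the advisory's log indicators.
# Prints the count (0 when nothing matches or the file is missing).
scan_kernel_log() {
  grep -E 'oom-killer|Out of memory|trusted: tpm2_load_cmd failed' "$1" 2>/dev/null \
    | wc -l | tr -d ' '
}

# Live report when run directly; KERNEL_LOG overrides the assumed log path.
report() {
  release=$(uname -r)
  state=$(trusted_module_state /proc/modules "/lib/modules/$release/modules.builtin")
  hits=$(scan_kernel_log "${KERNEL_LOG:-/var/log/kern.log}")
  echo "kernel $release: trusted key type is $state; indicator lines: $hits"
  case "$state" in
    loaded)  echo "module loaded: blacklist and rmmod trusted, or patch the kernel" ;;
    builtin) echo "trusted is built in: blacklist/rmmod do not apply, patch the kernel" ;;
    absent)  echo "not currently loaded; it may still load on demand, so blacklist or patch" ;;
  esac
}

report
```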
🔗 References
- https://git.kernel.org/stable/c/19166de9737218b77122c41a5730ac87025e089f
- https://git.kernel.org/stable/c/3fd7df4636d8fd5e3592371967a5941204368936
- https://git.kernel.org/stable/c/62cd5d480b9762ce70d720a81fa5b373052ae05f
- https://git.kernel.org/stable/c/9b015f2918b95bdde2ca9cefa10ef02b138aae1e
- https://git.kernel.org/stable/c/9e7c63c69f57b1db1a8a1542359a6167ff8fcef1
- https://git.kernel.org/stable/c/af0689cafb127a8d1af78cc8b72585c9b2a19ecd