Bug 1224862

Summary: VUL-0: kernel: keys driver leaks memory during operation
Product: [Novell Products] SUSE Security Incidents
Reporter: Oliver Neukum <oneukum>
Component: General
Assignee: Security Team bot <security-team>
Status: NEW ---
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: meissner
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
Whiteboard:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Oliver Neukum 2024-05-22 08:21:16 UTC
This is from upstream against the kernel:

commit ffcaa2172cc1a85ddb8b783de96d38ca8855e248
Author: Jarkko Sakkinen <jarkko@kernel.org>
Date:   Mon May 20 02:31:53 2024 +0300

    KEYS: trusted: Fix memory leak in tpm2_key_encode()
    
    'scratch' is never freed. Fix this by calling kfree() in the success, and
    in the error case.
    
    Cc: stable@vger.kernel.org # +v5.13
    Fixes: f2219745250f ("security: keys: trusted: use ASN.1 TPM2 key format for the blobs")
    Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>

You can leak kernel memory by simply operating the device. This needs a CVE fair and square.
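A user-space model of the leak pattern the commit message describes, added here as an illustration; it is not the kernel's tpm2_key_encode() code. The fixed-size pool, the function names and the sizes are all constructed for the example, and the copy stands in for the real encoding.

```c
#include <stdio.h>
#include <string.h>

#define SLOTS 8                 /* tiny pool standing in for kernel memory */
#define SCRATCH_SIZE 64
static unsigned char pool[SLOTS][SCRATCH_SIZE];
static int live;                /* scratch buffers currently held */
static unsigned char *xalloc(void) { return live < SLOTS ? pool[live++] : NULL; } /* models kmalloc() */
static void xfree(unsigned char *p) { (void)p; live--; }                          /* models kfree() */

/* Before: 'scratch' is dropped on both the error and the success return. */
static int encode_leaky(const unsigned char *src, size_t len, unsigned char *dst)
{
    unsigned char *scratch = xalloc();
    if (!scratch) return -1;
    if (len > SCRATCH_SIZE) return -2;  /* error path leaks */
    memcpy(scratch, src, len);          /* placeholder for the real encoding */
    memcpy(dst, scratch, len);
    return (int)len;                    /* success path leaks */
}

/* After: one exit path frees 'scratch' in the success and the error case. */
static int encode_fixed(const unsigned char *src, size_t len, unsigned char *dst)
{
    int ret = -2;
    unsigned char *scratch = xalloc();
    if (!scratch) return -1;
    if (len > SCRATCH_SIZE) goto out;
    memcpy(scratch, src, len);
    memcpy(dst, scratch, len);
    ret = (int)len;
out:
    xfree(scratch);
    return ret;
}

/* Alternate valid and oversized inputs; report buffers still held afterwards. */
static int held_after(int (*enc)(const unsigned char *, size_t, unsigned char *), int calls)
{
    unsigned char src[2 * SCRATCH_SIZE] = {0}, dst[SCRATCH_SIZE];
    live = 0;
    for (int i = 0; i < calls; i++)
        enc(src, (i % 2) ? sizeof(src) : 16, dst);
    return live;
}

int main(void)
{
    return printf("held: leaky=%d fixed=%d\n", held_after(encode_leaky, 100), held_after(encode_fixed, 100)) < 0;
}
```

With the leaky variant every call, successful or not, consumes one buffer until the pool is exhausted and further calls fail with an allocation error.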
Comment 1 Marcus Meissner 2024-05-23 09:35:12 UTC
requested CVE via kernel CNA.
Comment 2 Marcus Meissner 2024-05-23 10:07:55 UTC
gregkh wants to assign it only after rc1 release on Monday.