Bug 1224862 - VUL-0: kernel: keys driver leaks memory during operation
Summary: VUL-0: kernel: keys driver leaks memory during operation
Status: NEW
Alias: None
Product: SUSE Security Incidents
Classification: Novell Products
Component: General (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-05-22 08:21 UTC by Oliver Neukum
Modified: 2024-05-23 10:15 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Oliver Neukum 2024-05-22 08:21:16 UTC 
This is from upstream against the kernel:

commit ffcaa2172cc1a85ddb8b783de96d38ca8855e248
Author: Jarkko Sakkinen <jarkko@kernel.org>
Date:   Mon May 20 02:31:53 2024 +0300

    KEYS: trusted: Fix memory leak in tpm2_key_encode()
    
    'scratch' is never freed. Fix this by calling kfree() in the success, and
    in the error case.
    
    Cc: stable@vger.kernel.org # +v5.13
    Fixes: f2219745250f ("security: keys: trusted: use ASN.1 TPM2 key format for the blobs")
    Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>

You can leak kernel memory by simply operating the device. This needs a CVE fair and square.
Comment 1 Marcus Meissner 2024-05-23 09:35:12 UTC 
reuqested CVE via kernel CNA.
Comment 2 Marcus Meissner 2024-05-23 10:07:55 UTC 
gregkh wants to assign it only after rc1 release on monday.