CVE-2011-1162

The tpm_read function in the Linux kernel 2.6 does not properly clear memory, which might allow local users to read the results of the previous TPM command.

From the Ubuntu Security Team

Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command.

• How can I get the fixes?
• What do statuses mean?
• Patch details

References

• MITRE
• NVD
• Launchpad
• Debian

Related Ubuntu Security Notices (USN)

• USN-1319-1
• Linux kernel (OMAP4) vulnerabilities
• 9 January 2012
• USN-1294-1
• Linux kernel (Oneiric backport) vulnerabilities
• 8 December 2011
• USN-1318-1
• Linux kernel (FSL-IMX51) vulnerabilities
• 5 January 2012
• USN-1337-1
• Linux kernel (Natty backport) vulnerabilities
• 23 January 2012
• USN-1341-1
• Linux kernel vulnerabilities
• 23 January 2012
• USN-1299-1
• Linux kernel (EC2) vulnerabilities
• 13 December 2011
• USN-1332-1
• Linux kernel (Maverick backport) vulnerabilities
• 13 January 2012
• USN-1325-1
• Linux kernel (OMAP4) vulnerabilities
• 11 January 2012
• USN-1303-1
• Linux kernel (Marvell DOVE) vulnerabilities
• 13 December 2011
• USN-1311-1
• Linux kernel vulnerabilities
• 19 December 2011
• USN-1275-1
• Linux kernel vulnerability
• 21 November 2011
• USN-1323-1
• Linux kernel vulnerabilities
• 11 January 2012
• USN-1260-1
• Linux kernel (OMAP4) vulnerability
• 14 November 2011
• USN-1345-1
• Linux kernel vulnerabilities
• 24 January 2012

Other references

• https://rhn.redhat.com/errata/RHSA-2011-1465.html
• https://www.cve.org/CVERecord?id=CVE-2011-1162