PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-45871 Linux CVE debrief

A resource leak vulnerability exists in the Linux kernel's TPM ST33ZP24 driver. When the `get_burstcount()` function returns `-EBUSY` due to a timeout condition, the `st33zp24_send()` function exits directly without releasing the TPM locality that was previously acquired. This failure to properly clean up resources could lead to resource exhaustion or denial of service conditions affecting TPM operations. The vulnerability was resolved by modifying the error handling path to use `goto out_err`, ensuring consistent cleanup of acquired resources regardless of where the failure occurs.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

System administrators managing Linux systems with ST33ZP24 TPM hardware, security teams tracking kernel-level resource exhaustion vulnerabilities, and organizations relying on TPM-backed security functions requiring high availability.

Technical summary

The ST33ZP24 TPM driver in the Linux kernel contains a resource management flaw where `get_burstcount()` timeout errors (`-EBUSY`) cause premature function exit without releasing acquired TPM locality. The fix standardizes error handling to use `goto out_err` for guaranteed cleanup.
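The leak pattern and its fix, as an added example that models the advisory's description rather than reproducing the driver's own code: `struct tpm_model`, `request_locality`, `release_locality`, `send_leaky` and `send_fixed` are hypothetical stand-ins, and `get_burstcount` here is a simulation whose `-EBUSY` return mimics the timeout.

```c
#include <errno.h>

/* Constructed model, not the real st33zp24 driver: locality_held stands in
 * for the TPM locality the driver acquires before a transfer. */
struct tpm_model {
    int locality_held;       /* >0 while the locality is acquired */
    int burstcount_timeout;  /* nonzero: simulate get_burstcount() timing out */
};

static int request_locality(struct tpm_model *m) { m->locality_held++; return 0; }
static void release_locality(struct tpm_model *m) { m->locality_held--; }

/* Simulated get_burstcount(): -EBUSY on timeout, otherwise a burst size. */
static int get_burstcount(struct tpm_model *m)
{
    return m->burstcount_timeout ? -EBUSY : 32;
}

/* Before the fix: the -EBUSY path returns directly, so release_locality()
 * is never reached and the locality stays held. */
static int send_leaky(struct tpm_model *m)
{
    int ret = request_locality(m);
    if (ret < 0)
        return ret;
    int burstcnt = get_burstcount(m);
    if (burstcnt < 0)
        return burstcnt;     /* leak: locality still acquired */
    /* ... the command bytes would be transferred here ... */
    release_locality(m);
    return 0;
}

/* After the fix: every failure after acquisition jumps to out_err, so the
 * locality is released on the single shared exit path. */
static int send_fixed(struct tpm_model *m)
{
    int ret = request_locality(m);
    if (ret < 0)
        return ret;
    int burstcnt = get_burstcount(m);
    if (burstcnt < 0) {
        ret = burstcnt;
        goto out_err;
    }
    ret = 0;                 /* transfer would happen before this */
out_err:
    release_locality(m);
    return ret;
}
```

Driving `send_leaky` with the timeout flag set leaves `locality_held` at 1 after the call; `send_fixed` returns the same `-EBUSY` but leaves it at 0.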

Defensive priority

medium

Recommended defensive actions

  • Review kernel configurations to identify systems utilizing the ST33ZP24 TPM driver
  • Apply kernel updates containing the referenced stable commits when available from distribution vendors
  • Monitor for kernel package updates addressing CVE-2026-45871
  • Consider TPM hardware alternatives or driver configurations if immediate patching is not feasible
  • Audit systems for signs of TPM resource exhaustion or related stability issues

Evidence notes

The vulnerability description indicates a missing cleanup path in the TPM ST33ZP24 driver when `get_burstcount()` returns `-EBUSY`. The fix ensures proper locality release via `goto out_err`. Multiple stable kernel commits are referenced, indicating backports to various kernel versions.

Official resources
