CVE-2026-45871 PUBLISHED

tpm: st33zp24: Fix missing cleanup on get_burstcount() error

Assigner: Linux
Reserved: 13.05.2026 Published: 27.05.2026 Updated: 27.05.2026

In the Linux kernel, the following vulnerability has been resolved:

tpm: st33zp24: Fix missing cleanup on get_burstcount() error

get_burstcount() can return -EBUSY on timeout. When this happens, st33zp24_send() returns directly without releasing the locality acquired earlier.

Use goto out_err to ensure proper cleanup when get_burstcount() fails.

Vendor	Linux
Product	Linux
Versions	Default: unaffected affected from bf38b8710892333cec2d8069644eb36ff435fd6f to e0ce3da82341fcd6194175f1837946b2a894c625 (excl.) affected from bf38b8710892333cec2d8069644eb36ff435fd6f to 7687133509cf66ced120b667fefd21f80bf17993 (excl.) affected from bf38b8710892333cec2d8069644eb36ff435fd6f to 1256c6dc96d1e687e6e9b63088156ed07411b00c (excl.) affected from bf38b8710892333cec2d8069644eb36ff435fd6f to a51cff9be046e13e1c1b2fe45d5c48b582ec9b8c (excl.) affected from bf38b8710892333cec2d8069644eb36ff435fd6f to cc09d55f519e15355de343264a22ac6682b8305e (excl.) affected from bf38b8710892333cec2d8069644eb36ff435fd6f to ec15eb67fe9df87981b4829b901ec254273ca483 (excl.) affected from bf38b8710892333cec2d8069644eb36ff435fd6f to 4fffb77d35d038f146e6192da583dbe4971d869e (excl.) affected from bf38b8710892333cec2d8069644eb36ff435fd6f to 3e91b44c93ad2871f89fc2a98c5e4fe6ca5db3d9 (excl.)

Vendor	Linux
Product	Linux
Versions	Default: affected Version 4.1 is affected unaffected from 0 to 4.1 (excl.) unaffected from 5.10.252 to 5.10.* (incl.) unaffected from 5.15.202 to 5.15.* (incl.) unaffected from 6.1.165 to 6.1.* (incl.) unaffected from 6.6.128 to 6.6.* (incl.) unaffected from 6.12.75 to 6.12.* (incl.) unaffected from 6.18.14 to 6.18.* (incl.) unaffected from 6.19.4 to 6.19.* (incl.) unaffected from 7.0 to * (incl.)