GHSA-7Q44-JWGV-R9JH

Vulnerability from github – Published: 2025-12-24 15:30 – Updated: 2025-12-24 15:30
VLAI?
Details

In the Linux kernel, the following vulnerability has been resolved:

tpm: Add !tpm_amd_is_rng_defective() to the hwrng_unregister() call site

The following crash was reported:

[ 1950.279393] list_del corruption, ffff99560d485790->next is NULL [ 1950.279400] ------------[ cut here ]------------ [ 1950.279401] kernel BUG at lib/list_debug.c:49! [ 1950.279405] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI [ 1950.279407] CPU: 11 PID: 5886 Comm: modprobe Tainted: G O 6.2.8_1 #1 [ 1950.279409] Hardware name: Gigabyte Technology Co., Ltd. B550M AORUS PRO-P/B550M AORUS PRO-P, BIOS F15c 05/11/2022 [ 1950.279410] RIP: 0010:__list_del_entry_valid+0x59/0xc0 [ 1950.279415] Code: 48 8b 01 48 39 f8 75 5a 48 8b 72 08 48 39 c6 75 65 b8 01 00 00 00 c3 cc cc cc cc 48 89 fe 48 c7 c7 08 a8 13 9e e8 b7 0a bc ff <0f> 0b 48 89 fe 48 c7 c7 38 a8 13 9e e8 a6 0a bc ff 0f 0b 48 89 fe [ 1950.279416] RSP: 0018:ffffa96d05647e08 EFLAGS: 00010246 [ 1950.279418] RAX: 0000000000000033 RBX: ffff99560d485750 RCX: 0000000000000000 [ 1950.279419] RDX: 0000000000000000 RSI: ffffffff9e107c59 RDI: 00000000ffffffff [ 1950.279420] RBP: ffffffffc19c5168 R08: 0000000000000000 R09: ffffa96d05647cc8 [ 1950.279421] R10: 0000000000000003 R11: ffffffff9ea2a568 R12: 0000000000000000 [ 1950.279422] R13: ffff99560140a2e0 R14: ffff99560127d2e0 R15: 0000000000000000 [ 1950.279422] FS: 00007f67da795380(0000) GS:ffff995d1f0c0000(0000) knlGS:0000000000000000 [ 1950.279424] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1950.279424] CR2: 00007f67da7e65c0 CR3: 00000001feed2000 CR4: 0000000000750ee0 [ 1950.279426] PKRU: 55555554 [ 1950.279426] Call Trace: [ 1950.279428] [ 1950.279430] hwrng_unregister+0x28/0xe0 [rng_core] [ 1950.279436] tpm_chip_unregister+0xd5/0xf0 [tpm]

Add the forgotten !tpm_amd_is_rng_defective() invariant to the hwrng_unregister() call site inside tpm_chip_unregister().

Show details on source website
To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2023-54073"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-24T13:16:09Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: Add !tpm_amd_is_rng_defective() to the hwrng_unregister() call site\n\nThe following crash was reported:\n\n[ 1950.279393] list_del corruption, ffff99560d485790-\u003enext is NULL\n[ 1950.279400] ------------[ cut here ]------------\n[ 1950.279401] kernel BUG at lib/list_debug.c:49!\n[ 1950.279405] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[ 1950.279407] CPU: 11 PID: 5886 Comm: modprobe Tainted: G O 6.2.8_1 #1\n[ 1950.279409] Hardware name: Gigabyte Technology Co., Ltd. B550M AORUS PRO-P/B550M AORUS PRO-P,\nBIOS F15c 05/11/2022\n[ 1950.279410] RIP: 0010:__list_del_entry_valid+0x59/0xc0\n[ 1950.279415] Code: 48 8b 01 48 39 f8 75 5a 48 8b 72 08 48 39 c6 75 65 b8 01 00 00 00 c3 cc cc cc\ncc 48 89 fe 48 c7 c7 08 a8 13 9e e8 b7 0a bc ff \u003c0f\u003e 0b 48 89 fe 48 c7 c7 38 a8 13 9e e8 a6 0a bc\nff 0f 0b 48 89 fe\n[ 1950.279416] RSP: 0018:ffffa96d05647e08 EFLAGS: 00010246\n[ 1950.279418] RAX: 0000000000000033 RBX: ffff99560d485750 RCX: 0000000000000000\n[ 1950.279419] RDX: 0000000000000000 RSI: ffffffff9e107c59 RDI: 00000000ffffffff\n[ 1950.279420] RBP: ffffffffc19c5168 R08: 0000000000000000 R09: ffffa96d05647cc8\n[ 1950.279421] R10: 0000000000000003 R11: ffffffff9ea2a568 R12: 0000000000000000\n[ 1950.279422] R13: ffff99560140a2e0 R14: ffff99560127d2e0 R15: 0000000000000000\n[ 1950.279422] FS: 00007f67da795380(0000) GS:ffff995d1f0c0000(0000) knlGS:0000000000000000\n[ 1950.279424] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 1950.279424] CR2: 00007f67da7e65c0 CR3: 00000001feed2000 CR4: 0000000000750ee0\n[ 1950.279426] PKRU: 55555554\n[ 1950.279426] Call Trace:\n[ 1950.279428] \u003cTASK\u003e\n[ 1950.279430] hwrng_unregister+0x28/0xe0 [rng_core]\n[ 1950.279436] tpm_chip_unregister+0xd5/0xf0 [tpm]\n\nAdd the forgotten !tpm_amd_is_rng_defective() invariant to the\nhwrng_unregister() call site inside tpm_chip_unregister().",
  "id": "GHSA-7q44-jwgv-r9jh",
  "modified": "2025-12-24T15:30:36Z",
  "published": "2025-12-24T15:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-54073"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0af0a989e747248e05640980661225e5b94cdb9e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1408d27f25c7b73ece7545cb6434965eedc49ddb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8da5ba044ea74105f3cfa182603b2f2d766fb22d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bd8621ca1510e6e802df9855bdc35a04a3cfa932"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.