git.ipfire.org Git - thirdparty/kernel/stable.git/commit

tpm: Cap the number of PCR banks

commit faf07e611dfa464b201223a7253e9dc5ee0f3c9e upstream.

tpm2_get_pcr_allocation() does not cap any upper limit for the number of
banks. Cap the limit to eight banks so that out of bounds values coming
from external I/O cause on only limited harm.

Cc: stable@vger.kernel.org # v5.10+
Fixes: bcfff8384f6c ("tpm: dynamically allocate the allocated_banks array")
Tested-by: Lai Yi <yi1.lai@linux.intel.com>
Reviewed-by: Jonathan McDowell <noodles@meta.com>
Reviewed-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@opinsys.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

author	Jarkko Sakkinen <jarkko.sakkinen@opinsys.com>
	Tue, 30 Sep 2025 12:58:02 +0000 (15:58 +0300)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 2 Jan 2026 11:57:09 +0000 (12:57 +0100)
commit	858344bc9210bea9ab2bdc7e9e331ba84c164e50
tree	ff69c4d89ea15477876b4c539f60793a9625a0a8	tree \| snapshot
parent	2b78da4cc75d26069017e949af0d7f44447a4161	commit \| diff

drivers/char/tpm/tpm-chip.c		diff \| blob \| blame \| history
drivers/char/tpm/tpm1-cmd.c		diff \| blob \| blame \| history
drivers/char/tpm/tpm2-cmd.c		diff \| blob \| blame \| history
include/linux/tpm.h		diff \| blob \| blame \| history