CVE-2023-54309
Race Condition in Linux Kernel TPM_vtpm_proxy Causes Memory Corruption
Publication date: 2025-12-30
Last updated on: 2025-12-30
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a race condition in the Linux kernel's tpm_vtpm_proxy driver related to the creation of /dev/vtpmx. The device /dev/vtpmx becomes visible before the 'workqueue' is initialized, which can potentially lead to memory corruption. The issue is fixed by initializing the 'workqueue' at the very start of the driver initialization process.
How can this vulnerability impact me? :
The vulnerability can lead to memory corruption in the Linux kernel, which may cause system instability, crashes, or potentially allow an attacker to execute arbitrary code or escalate privileges depending on the exploitation context.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version where the tpm_vtpm_proxy driver initializes the 'workqueue' before making /dev/vtpmx visible. This fixes the race condition and prevents potential memory corruption.