CVE-2025-68792Use of Out-of-range Pointer Offset in Linux

CWE-823Use of Out-of-range Pointer Offset10 documents7 sources
Severity
6.4MEDIUM
No vector
EPSS
0.0%
top 91.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
LinuxLinux KernelDebian Linux+3 more
Timeline
PublishedJan 13
Latest updateApr 17

Description

In the Linux kernel, the following vulnerability has been resolved: tpm2-sessions: Fix out of range indexing in name_size 'name_size' does not have any range checks, and it just directly indexes with TPM_ALG_ID, which could lead into memory corruption at worst. Address the issue by only processing known values and returning -EINVAL for unrecognized values. Make also 'tpm_buf_append_name' and 'tpm_buf_fill_hmac_session' fallible so that errors are detected before causing any spurious TPM traf

Affected Packages7 packages

Linuxlinux/linux_kernel6.10.06.12.66+1
Debianlinux/linux_kernel< 6.12.69-1+1
CVEListV5linux/linux1085b8276bb4239daa7008f0dcd5c973e4bd690f47e676ce4d68f461dfcab906f6aeb254f7276deb+3
debiandebian/linux< linux 6.18.3-1 (forky)

🔴Vulnerability Details

3
OSV
CVE-2025-68792: In the Linux kernel, the following vulnerability has been resolved: tpm2-sessions: Fix out of range indexing in name_size 'name_size' does not have an2026-01-13
OSV
tpm2-sessions: Fix out of range indexing in name_size2026-01-13
GHSA
GHSA-2wfq-pvgx-w5wx: In the Linux kernel, the following vulnerability has been resolved: tpm2-sessions: Fix out of range indexing in name_size 'name_size' does not have2026-01-13

📋Vendor Advisories

5
Ubuntu
Linux kernel (GCP) vulnerabilities2026-04-17
Ubuntu
Linux kernel (Real-time) vulnerabilities2026-04-17
Ubuntu
Linux kernel vulnerabilities2026-04-16
Red Hat
kernel: tpm2-sessions: Fix out of range indexing in name_size2026-01-13
Debian
CVE-2025-68792: linux - In the Linux kernel, the following vulnerability has been resolved: tpm2-sessio...2025

🕵️Threat Intelligence

1
Wiz
CVE-2025-68792 Impact, Exploitability, and Mitigation Steps | Wiz