CVE-2023-54309

tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation /dev/vtpmx is made visible before 'workqueue' is initialized, which can
lead to a memory corruption in the worst case scenario. Address this by initializing 'workqueue' as the very first step of the
driver initialization.

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-12-30 CVE Reserved
2025-12-30 CVE Published
2025-12-31 CVE Updated
2026-01-31 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/6f99612e250041a2402d3b1694bccb149cd424a4	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/509d21f1c4bb9d35d397fca3226165b156a7639f	2023-08-11
https://git.kernel.org/stable/c/04e8697d26613ccea760cf57eb20a5a27f788c0f	2023-08-11
https://git.kernel.org/stable/c/86b9820395f226b8f33cbae9599deebf8af1ce72	2023-07-27
https://git.kernel.org/stable/c/9ff7fcb3a2ed0e9b895bb5b4c13872d584a8815b	2023-07-27
https://git.kernel.org/stable/c/e08295290c53a3cf174c236721747a01b9550ae2	2023-07-23
https://git.kernel.org/stable/c/99b998fb9d7d2d2d9dbb3e19db2d0ade02f5a604	2023-07-23
https://git.kernel.org/stable/c/092db954e2c3c5ba6c0ce990c7da72cf8f3b9c51	2023-07-23
https://git.kernel.org/stable/c/f4032d615f90970d6c3ac1d9c0bce3351eb4445c	2023-07-17

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 4.14.322 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 4.14.322"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 4.19.291 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 4.19.291"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 5.4.251 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 5.4.251"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 5.10.188 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 5.10.188"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 5.15.121 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 5.15.121"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 6.1.40 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 6.1.40"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 6.4.5 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 6.4.5"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 6.5 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 6.5"		en		Affected