CVE-2021-46922 - pub/scm/linux/kernel/git/sashal/vulns-desc - Git at Google

 The vulnerability, tracked as CVE-2021-46922, lies in the Linux kernel's trusted key implementation, specifically in the TPM (Trusted Platform Module) reservation mechanism for seal and unseal operations. The issue arises from a lost `tpm_try_get_ops()` call in the `tpm2_seal_trusted()` function, which causes an imbalance in TPM operation puts, leading to oopses on TIS-based hardware.

 The problem was introduced in kernel versions 5.10.20 and 5.11.3, with commits 67118bb78d72 and 498b8fc1cdc1, respectively. The fix, which reverts the lost `tpm_try_get_ops()` call, was applied in kernel versions 5.10.33 and 5.11.17, with commits bf84ef2dd2cc and 39c8d760d44c, respectively.

 The affected file is `security/keys/trusted-keys/trusted_tpm2.c`. The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue, as well as other bugfixes. If updating is not possible, individual changes can be cherry-picked from the specified commits.
	The vulnerability, tracked as CVE-2021-46922, lies in the Linux kernel's trusted key implementation, specifically in the TPM (Trusted Platform Module) reservation mechanism for seal and unseal operations. The issue arises from a lost `tpm_try_get_ops()` call in the `tpm2_seal_trusted()` function, which causes an imbalance in TPM operation puts, leading to oopses on TIS-based hardware.

	The problem was introduced in kernel versions 5.10.20 and 5.11.3, with commits 67118bb78d72 and 498b8fc1cdc1, respectively. The fix, which reverts the lost `tpm_try_get_ops()` call, was applied in kernel versions 5.10.33 and 5.11.17, with commits bf84ef2dd2cc and 39c8d760d44c, respectively.

	The affected file is `security/keys/trusted-keys/trusted_tpm2.c`. The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue, as well as other bugfixes. If updating is not possible, individual changes can be cherry-picked from the specified commits.