CVE-2026-45871
Published May 27, 2026
Modified May 27, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: tpm: st33zp24: Fix missing cleanup on get_burstcount() error get_burstcount() can return -EBUSY on timeout. When this happens, st33zp24_send() returns directly without releasing the locality acquired earlier. Use goto out_err to ensure proper cleanup when get_burstcount() fails.
References
Other References
https://git.kernel.org/stable/c/1256c6dc96d1e687e6e9b63088156ed07411b00c
https://git.kernel.org/stable/c/3e91b44c93ad2871f89fc2a98c5e4fe6ca5db3d9
https://git.kernel.org/stable/c/4fffb77d35d038f146e6192da583dbe4971d869e
https://git.kernel.org/stable/c/7687133509cf66ced120b667fefd21f80bf17993
https://git.kernel.org/stable/c/a51cff9be046e13e1c1b2fe45d5c48b582ec9b8c
https://git.kernel.org/stable/c/cc09d55f519e15355de343264a22ac6682b8305e
https://git.kernel.org/stable/c/e0ce3da82341fcd6194175f1837946b2a894c625
https://git.kernel.org/stable/c/ec15eb67fe9df87981b4829b901ec254273ca483
Frequently Asked Questions
What is CVE-2026-45871? +
In the Linux kernel, the following vulnerability has been resolved:
tpm: st33zp24: Fix missing cleanup on get_burstcount() error
get_burstcount() can return -EBUSY on timeout. When this happens,
st33zp24_send() returns directly without releasing the locality
acquired earlier.
Use goto out_err to ensure proper cleanup when get_burstcount() fails.
How do I check if I'm vulnerable to CVE-2026-45871? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.