{"id":"CVE-2022-2977","details":"A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system.","modified":"2026-03-14T11:43:56.012540Z","published":"2022-09-14T21:15:10.377Z","related":["SUSE-SU-2022:3264-1","SUSE-SU-2022:3265-1","SUSE-SU-2022:3274-1","SUSE-SU-2022:3282-1","SUSE-SU-2022:3288-1","SUSE-SU-2022:3291-1","SUSE-SU-2022:3293-1","SUSE-SU-2022:3408-1","SUSE-SU-2022:3422-1","SUSE-SU-2022:3450-1","SUSE-SU-2022:3609-1","SUSE-SU-2022:3809-1","SUSE-SU-2022:4617-1","SUSE-SU-2025:1027-1","SUSE-SU-2025:1176-1","SUSE-SU-2025:1183-1","SUSE-SU-2025:1194-1","SUSE-SU-2025:1241-1","SUSE-SU-2025:1263-1","SUSE-SU-2025:1293-1"],"references":[{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20230214-0006/"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d8e7007dc7c4d7c8366739bbcd3f5e51dcd470f"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"4.12"},{"fixed":"4.14.276"}]},{"events":[{"introduced":"4.15"},{"fixed":"4.19.238"}]},{"events":[{"introduced":"4.20"},{"fixed":"5.4.189"}]},{"events":[{"introduced":"5.5"},{"fixed":"5.10.110"}]},{"events":[{"introduced":"5.11"},{"fixed":"5.15.33"}]},{"events":[{"introduced":"5.16"},{"fixed":"5.16.19"}]},{"events":[{"introduced":"5.17"},{"fixed":"5.17.1"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2977.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}