CVE-2022-49286

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> tpm: use try_get_ops() in tpm-space.c<br /> <br /> As part of the series conversion to remove nested TPM operations:<br /> <br /> https://lore.kernel.org/all/20190205224723.19671-1-jarkko.sakkinen@linux.intel.com/<br /> <br /> exposure of the chip-&gt;tpm_mutex was removed from much of the upper<br /> level code. In this conversion, tpm2_del_space() was missed. This<br /> didn&amp;#39;t matter much because it&amp;#39;s usually called closely after a<br /> converted operation, so there&amp;#39;s only a very tiny race window where the<br /> chip can be removed before the space flushing is done which causes a<br /> NULL deref on the mutex. However, there are reports of this window<br /> being hit in practice, so fix this by converting tpm2_del_space() to<br /> use tpm_try_get_ops(), which performs all the teardown checks before<br /> acquring the mutex.