CVE-2024-49858

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption<br /> <br /> The TPM event log table is a Linux specific construct, where the data<br /> produced by the GetEventLog() boot service is cached in memory, and<br /> passed on to the OS using an EFI configuration table.<br /> <br /> The use of EFI_LOADER_DATA here results in the region being left<br /> unreserved in the E820 memory map constructed by the EFI stub, and this<br /> is the memory description that is passed on to the incoming kernel by<br /> kexec, which is therefore unaware that the region should be reserved.<br /> <br /> Even though the utility of the TPM2 event log after a kexec is<br /> questionable, any corruption might send the parsing code off into the<br /> weeds and crash the kernel. So let&amp;#39;s use EFI_ACPI_RECLAIM_MEMORY<br /> instead, which is always treated as reserved by the E820 conversion<br /> logic.