suse · CVE-2025-71077

Quick triage

Priority: medium Published: 2026-03-05 00:20:44 UTC Updated: 2026-04-16 13:41:56 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2025-71077 severity moderate: SUSE including 392 source package names (13.2-9.1:libsqlite3-0-3.49.1-1.1, 2.1.3-6.115:kernel-default-base-6.4.0-39.1.21.16, …), 641 product×package rows across 74 product lines (Container suse/sl-micro/6.0/baremetal-os-container, Container suse/sl-micro/6.0/base-os-container, … (74 product lines)): Fixed 277, Known Affected 231, Known Not Affected 108, First Fixed 25.

Description:

In the Linux kernel, the following vulnerability has been resolved: tpm: Cap the number of PCR banks tpm2_get_pcr_allocation() does not cap any upper limit for the number of banks. Cap the limit to eight banks so that out of bounds values coming from external I/O cause on only limited harm.

cvelogic Threat Intelligence