
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2022-49287 affects the Linux kernel's TPM (Trusted Platform Module) subsystem, specifically the reference counting for struct tpm_chip. The bug was found and fixed in 2022; the CVE record was published in February 2025. It is triggered by a specific sequence of operations: open the /dev/tpmrm device, remove the tpm_tis_spi module, then write a TPM command to the file descriptor opened in the first step (NVD).
The vulnerability is a use-after-free caused by incorrect reference counting. tpm_common_write() tries to take a reference on chip->dev after that device's reference count has already reached zero, so the chip structure it then uses may already have been freed. The extra reference that was supposed to keep chip->dev alive while /dev/tpmrm is open was never taken, because taking it was conditional on TPM_CHIP_FLAG_TPM2 and that flag had not yet been set at the point where the check ran. NVD rates the issue CVSS v3.1 7.8 (HIGH) with vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).
Hitting the use-after-free can crash the system or corrupt kernel memory, which is what the high confidentiality, integrity and availability impact in the CVSS vector reflects. Two practical caveats: the affected path is the TPM 2 one (the /dev/tpmrm resource-manager device only exists for TPM 2 chips), and unloading or unbinding the driver in step 2 ordinarily requires root, so on most systems an unprivileged local user cannot complete the sequence alone (NVD).
The fix, the kernel commit titled "tpm: fix reference counting for struct tpm_chip", moves the TPM 2 character-device handling from tpm_chip_alloc() to tpm_add_char_device(), which runs later, after TPM_CHIP_FLAG_TPM2 has been set, so the extra reference is actually taken. It also adds the missing put of chip->devs in tpm_chip_unregister() so that the extra reference is released again rather than leaked, and consolidates the TPM 2 handling into a new helper function. The fix went into Linux 5.18 and was backported to the stable series; because backports keep the older version string, check the distribution advisory for CVE-2022-49287 rather than relying on uname -r alone (Kernel Commit).
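The following is an added userspace model of the ordering bug and its fix; it is not kernel code and not part of the original report. The names (tpm_chip, chip->dev, chip->devs, TPM_CHIP_FLAG_TPM2, tpm_chip_alloc, tpm_add_char_device, tpm_chip_unregister, tpm_common_write) mirror the driver so the flow is recognisable, but the structs, the kobj refcount helpers and the flag value are simplified assumptions. run_sequence() replays the advisory's three steps once with the pre-fix placement of the extra reference and once with the post-fix placement.

```c
#include <assert.h>
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Added userspace model of the refcount bug, not kernel code. Names mirror the
 * driver (tpm_chip, chip->dev, chip->devs, TPM_CHIP_FLAG_TPM2); the structs,
 * helpers and the flag value are simplified assumptions. */
#define TPM_CHIP_FLAG_TPM2 (1u << 1)   /* assumed value */
struct tpm_chip;
struct kobj { int refcount; struct tpm_chip *owner; void (*release)(struct tpm_chip *); };
struct tpm_chip {
	struct kobj dev, devs;  /* /dev/tpmN (main device) and /dev/tpmrmN (TPM 2 only) */
	unsigned int flags;
	bool devs_holds_dev;    /* the "extra reference" on dev that devs holds for TPM 2 */
	bool registered, freed; /* chip->ops still valid; kfree(chip) would have run */
};
enum fix_state { BEFORE_FIX, AFTER_FIX };

/* kobject_get() stand-in: refuses a zero count rather than incrementing it; in the
 * kernel this is the "refcount_t: addition on 0; use-after-free" warning. */
static bool kobj_get(struct kobj *k)
{
	if (k->owner->freed || k->refcount == 0)
		return false;
	k->refcount++;
	return true;
}
static void kobj_put(struct kobj *k)
{
	assert(k->refcount > 0);
	if (--k->refcount == 0 && k->release)
		k->release(k->owner);
}
static void tpm_dev_release(struct tpm_chip *chip) { chip->freed = true; }
/* tpm_devs_release(): drop the extra dev reference once /dev/tpmrm is gone. */
static void tpm_devs_release(struct tpm_chip *chip)
{
	if (!chip->devs_holds_dev)
		return;
	chip->devs_holds_dev = false;
	kobj_put(&chip->dev);
}
static struct tpm_chip *tpm_chip_alloc(enum fix_state s)
{
	struct tpm_chip *chip = calloc(1, sizeof(*chip));
	if (!chip) abort();
	chip->dev.refcount = 1;  chip->dev.owner = chip;  chip->dev.release = tpm_dev_release;
	chip->devs.refcount = 1; chip->devs.owner = chip; chip->devs.release = tpm_devs_release;
	/* Before the fix: gated on a flag that the probe path sets only later, so never taken. */
	if (s == BEFORE_FIX && (chip->flags & TPM_CHIP_FLAG_TPM2) && kobj_get(&chip->dev))
		chip->devs_holds_dev = true;
	return chip;
}
static void tpm_add_char_device(struct tpm_chip *chip, enum fix_state s)
{
	chip->registered = true;
	/* After the fix: the TPM 2 handling runs here, once the flag is set. */
	if (s == AFTER_FIX && (chip->flags & TPM_CHIP_FLAG_TPM2) && kobj_get(&chip->dev))
		chip->devs_holds_dev = true;
}
static void tpm_chip_unregister(struct tpm_chip *chip, enum fix_state s)
{
	chip->registered = false;
	if (s == AFTER_FIX && (chip->flags & TPM_CHIP_FLAG_TPM2))
		kobj_put(&chip->devs);   /* the put_device(&chip->devs) the fix adds */
	kobj_put(&chip->dev);            /* driver unbind drops the initial reference */
}
/* An open file on /dev/tpmrm pins chip->devs, not chip->dev. */
static bool tpmrm_open(struct tpm_chip *chip)    { return kobj_get(&chip->devs); }
static void tpmrm_release(struct tpm_chip *chip) { kobj_put(&chip->devs); }
/* tpm_common_write(): must hold chip->dev before touching chip->ops. */
static int tpm_common_write(struct tpm_chip *chip)
{
	if (!kobj_get(&chip->dev))
		return -EFAULT;                       /* real kernel: use-after-free here */
	int ret = chip->registered ? 0 : -EPIPE;  /* device gone, but detected safely */
	kobj_put(&chip->dev);
	return ret;
}

struct outcome { bool freed_before_write; int write_ret; bool freed_after_close; };
static struct outcome run_sequence(enum fix_state s)
{
	struct outcome o;
	struct tpm_chip *chip = tpm_chip_alloc(s);
	chip->flags |= TPM_CHIP_FLAG_TPM2;        /* probe detects a TPM 2 after alloc */
	tpm_add_char_device(chip, s);
	tpmrm_open(chip);                         /* 1. open /dev/tpmrm */
	tpm_chip_unregister(chip, s);             /* 2. rmmod tpm_tis_spi */
	o.freed_before_write = chip->freed;
	o.write_ret = tpm_common_write(chip);     /* 3. write a command to the open fd */
	tpmrm_release(chip);                      /* close the fd */
	o.freed_after_close = chip->freed;
	free(chip);
	return o;
}

int main(void)
{
	struct outcome b = run_sequence(BEFORE_FIX), a = run_sequence(AFTER_FIX);
	printf("before fix: chip freed before write=%d, write_ret=%d\n", b.freed_before_write, b.write_ret);
	printf("after fix:  chip freed before write=%d, write_ret=%d, freed after close=%d\n",
	       a.freed_before_write, a.write_ret, a.freed_after_close);
	return 0;
}
```

In the pre-fix run the chip is already released by the time the write arrives, so the write's attempt to take chip->dev lands on a zero count; in the post-fix run the open file keeps chip->devs alive, chip->devs keeps chip->dev alive, the write fails cleanly with -EPIPE, and the chip is only freed when the last file descriptor closes.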
Source: This report was generated using AI