The tpm_open function in drivers/char/tpm/tpm.c in the Linux kernel before 2.6.39 does not initialize a certain buffer, which allows local users to obtain potentially sensitive information from kernel memory via unspecified vectors.
https://bugzilla.redhat.com/show_bug.cgi?id=684671
https://github.com/torvalds/linux/commit/1309d7afbed112f0e8e90be9af975550caa0076b
Published: 2012-06-21
Base Score: 2.1
Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N
Severity: Low