How severe is CVE-2024-49851?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2024-49851?

This is classified as CWE-459, which is a common weakness in software security.

CVE-2024-49851 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: tpm: Clean up TPM space after command failure tpm_dev_transmit prepares the TPM space before attempting command transmission. However if the command fails no rollback of this preparation is done. This can result in transient handles being leaked if the device is subsequently closed with no further commands performed. Fix this by flushing the space in the event of command transmission failure.

Related Vulnerabilities

CVE-2000-0552

MEDIUM

CVSS:5.5(Medium)

ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information.

CWE-4592000

CVE-2002-0788

MEDIUM

CVSS:5.5(Medium)

An interaction between PGP 7.0.3 with the "wipe deleted files" option, when used on Windows Encrypted File System (EFS), creates a cleartext temporary files that cannot be wiped or deleted due to stro...

CWE-4592002

CVE-2005-2293

MEDIUM

CVSS:5.5(Medium)

Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a temporary file, which is not deleted after it is used, which allows local users to obtain sensitive information.

CWE-4592005

CVE-2019-14115

MEDIUM

CVSS:5.5(Medium)

u'Information disclosure issue occurs as in current logic as secure touch is released without clearing the display session which can result in user reading the secure input while touch is in non-secur...

CWE-4592019

CVE-2019-5595

MEDIUM

CVSS:5.5(Medium)

In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STABLE(r343781), and 12.0-RELEASE-p3, kernel callee-save registers are not properly sanitized before return from system calls, potentially...

CWE-4592019

CVE-2020-0258

MEDIUM

CVSS:5.5(Medium)

In stopZygoteLocked of AppZygote.java, there is an insufficient cleanup. This could lead to local information disclosure in the application that is started next with no additional execution privileges...

CWE-4592020