CVE-2024-58005: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

tpm: Change to kvalloc() in eventlog/acpi.c

The following failure was reported on HPE ProLiant D320:

[ 10.693310][ T1] tpm_tis STM0925:00: 2.0 TPM (device-id 0x3, rev-id 0)
[ 10.848132][ T1] ------------[ cut here ]------------
[ 10.853559][ T1] WARNING: CPU: 59 PID: 1 at mm/page_alloc.c:4727 __alloc_pages_noprof+0x2ca/0x330
[ 10.862827][ T1] Modules linked in:
[ 10.866671][ T1] CPU: 59 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-lp155.2.g52785e2-default #1 openSUSE Tumbleweed (unreleased) 588cd98293a7c9eba9013378d807364c088c9375
[ 10.882741][ T1] Hardware name: HPE ProLiant DL320 Gen12/ProLiant DL320 Gen12, BIOS 1.20 10/28/2024
[ 10.892170][ T1] RIP: 0010:__alloc_pages_noprof+0x2ca/0x330
[ 10.898103][ T1] Code: 24 08 e9 4a fe ff ff e8 34 36 fa ff e9 88 fe ff ff 83 fe 0a 0f 86 b3 fd ff ff 80 3d 01 e7 ce 01 00 75 09 c6 05 f8 e6 ce 01 01 <0f> 0b 45 31 ff e9 e5 fe ff ff f7 c2 00 00 08 00 75 42 89 d9 80 e1
[ 10.917750][ T1] RSP: 0000:ffffb7cf40077980 EFLAGS: 00010246
[ 10.923777][ T1] RAX: 0000000000000000 RBX: 0000000000040cc0 RCX: 0000000000000000
[ 10.931727][ T1] RDX: 0000000000000000 RSI: 000000000000000c RDI: 0000000000040cc0

The above transcript shows that ACPI pointed a 16 MiB buffer for the log events because RSI maps to the 'order' parameter of __alloc_pages_noprof(). Address the bug by moving from devm_kmalloc() to devm_add_action() and kvmalloc() and devm_add_action().
AI Analysis
Technical Summary
CVE-2024-58005 is a vulnerability identified in the Linux kernel, specifically related to the Trusted Platform Module (TPM) driver implementation in the eventlog/acpi.c component. The issue arises from improper memory allocation handling when processing TPM event logs via ACPI. The vulnerability was observed on HPE ProLiant DL320 Gen12 servers running Linux kernel version 6.12.0-lp155.2 (openSUSE Tumbleweed). The kernel warning and stack trace indicate a failure in the __alloc_pages_noprof() function, triggered by an incorrect allocation order parameter (mapped from RSI register) that corresponds to a 16 MiB buffer allocation request. The root cause is linked to the use of devm_kmalloc() for buffer allocation, which is insufficient for large memory requests, leading to potential allocation failures or kernel warnings. The fix involves switching to kvmalloc() combined with devm_add_action() to properly manage large memory allocations and their lifecycle, ensuring that the TPM event log buffer is allocated safely and freed appropriately. This vulnerability is a kernel-level memory allocation flaw affecting TPM event log handling, which could lead to system instability or denial of service due to kernel warnings or crashes during boot or TPM operations. No known exploits are reported in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, this vulnerability primarily impacts servers and systems running affected Linux kernel versions with TPM enabled, especially in enterprise environments using HPE ProLiant DL320 Gen12 or similar hardware. TPM is critical for hardware-based security functions such as secure boot, disk encryption key storage, and platform integrity verification. A failure in TPM event log handling could disrupt these security services, potentially causing system instability or denial of service. This could affect data center operations, cloud infrastructure, and critical enterprise applications relying on TPM for security assurances. Although no direct remote exploitation is indicated, the kernel-level nature means that local attackers or malicious processes with kernel privileges could trigger the issue, leading to potential service interruptions. The impact on confidentiality and integrity is indirect but availability could be affected due to kernel warnings or crashes. Organizations relying on TPM for compliance or security policies may face operational risks until patched.
Mitigation Recommendations
1. Immediate application of the Linux kernel patch that replaces devm_kmalloc() with kvmalloc() and devm_add_action() in the TPM eventlog/acpi.c code to ensure proper memory allocation and lifecycle management.
2. Upgrade Linux kernel to versions that include this fix, particularly for systems running on HPE ProLiant DL320 Gen12 hardware or similar platforms with TPM 2.0.
3. Conduct thorough testing of TPM functionality post-patch to verify stability and event log integrity.
4. Monitor kernel logs for warnings related to __alloc_pages_noprof() or TPM eventlog processing as indicators of potential exploitation or system issues.
5. Limit local user privileges to reduce risk of local exploitation, as the vulnerability requires kernel-level access to trigger.
6. Maintain up-to-date firmware and BIOS versions on affected hardware to complement kernel security.
7. Implement robust system monitoring and alerting for kernel panics or unusual TPM behavior to enable rapid response.
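One way to implement the kernel-log monitoring in item 4, as an added example that is not part of the advisory or the kernel patch: it scans dmesg-style text for the page-allocator WARNING and, following the description's reading that RSI holds the 'order' argument, converts it to a buffer size. PAGE_SIZE, MAX_PAGE_ORDER, the function name and the sample log (lines copied from the trace above) are assumptions of this sketch.

```python
import re

PAGE_SIZE = 4096       # assumption: x86-64 with 4 KiB pages
MAX_PAGE_ORDER = 10    # assumption: default limit on the x86-64 kernel in the trace

# Constructed sample input: a subset of the lines from the trace in the description.
SAMPLE_LOG = """\
[ 10.693310][ T1] tpm_tis STM0925:00: 2.0 TPM (device-id 0x3, rev-id 0)
[ 10.848132][ T1] ------------[ cut here ]------------
[ 10.853559][ T1] WARNING: CPU: 59 PID: 1 at mm/page_alloc.c:4727 __alloc_pages_noprof+0x2ca/0x330
[ 10.892170][ T1] RIP: 0010:__alloc_pages_noprof+0x2ca/0x330
[ 10.931727][ T1] RDX: 0000000000000000 RSI: 000000000000000c RDI: 0000000000040cc0
"""

WARN_RE = re.compile(r"WARNING: .* at (\S+) (__alloc_pages\w*)\+")
RSI_RE = re.compile(r"\bRSI: ([0-9a-fA-F]{16})\b")
TPM_RE = re.compile(r"\btpm_\w+ \S+: .*TPM")

def find_oversized_allocs(log_text):
    """Return one finding per allocator WARNING whose order exceeds MAX_PAGE_ORDER."""
    findings, current, tpm_seen = [], None, False
    for line in log_text.splitlines():
        if TPM_RE.search(line):
            tpm_seen = True          # a TPM driver probe appeared earlier in the log
        m = WARN_RE.search(line)
        if m:
            # Start of a new WARNING block; wait for its register dump.
            current = {"site": m.group(1), "func": m.group(2),
                       "tpm_probe_before": tpm_seen}
            continue
        m = RSI_RE.search(line)
        if m and current is not None:
            order = int(m.group(1), 16)   # RSI = 'order' per the description
            if order > MAX_PAGE_ORDER:
                current.update(order=order, bytes=PAGE_SIZE << order)
                findings.append(current)
            current = None
    return findings

if __name__ == "__main__":
    for f in find_oversized_allocs(SAMPLE_LOG):
        print(f"{f['func']} at {f['site']}: order {f['order']} = "
              f"{f['bytes'] >> 20} MiB, TPM probe seen earlier: {f['tpm_probe_before']}")
```

On a live host the same function can be fed the output of `dmesg` or `journalctl -k`; a finding that follows a TPM probe line matches the signature reported for this CVE.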
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-02-27T02:10:48.226Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9823c4522896dcbdeca6
Added to database: 5/21/2025, 9:08:51 AM
Last enriched: 6/28/2025, 9:55:19 AM
Last updated: 11/22/2025, 5:54:30 PM