CVE-2026-46021
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
thermal: core: Fix thermal zone governor cleanup issues
If thermal_zone_device_register_with_trips() fails after adding a thermal governor to the thermal zone being registered, the governor is not removed from it as appropriate which may lead to a memory leak.
In turn, thermal_zone_device_unregister() calls thermal_set_governor() without acquiring the thermal zone lock beforehand which may race with a governor update via sysfs and may lead to a use-after-free in that case.
Address these issues by adding two thermal_set_governor() calls, one to thermal_release() to remove the governor from the given thermal zone, and one to the thermal zone registration error path to cover failures preceding the thermal zone device registration.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | e33df1d2f3a0141cd79e770f31999ba0dd7ebfa8 < a172fa18bc370b776ac1510abb0dcb50a7a35fac | affected |
| Linux | Linux | e33df1d2f3a0141cd79e770f31999ba0dd7ebfa8 < 8e563d8db50f303171aceb79eec0807e7ba06951 | affected |
| Linux | Linux | e33df1d2f3a0141cd79e770f31999ba0dd7ebfa8 < d4eb861adde5ce22e459fbd29366f47bb2167977 | affected |
| Linux | Linux | e33df1d2f3a0141cd79e770f31999ba0dd7ebfa8 < 37a430a2d4e66ec8238da6c7f7e48809bf265e13 | affected |
| Linux | Linux | e33df1d2f3a0141cd79e770f31999ba0dd7ebfa8 < f412e541d25a3dfaf3d53e012ade6ff03cae8a45 | affected |
| Linux | Linux | e33df1d2f3a0141cd79e770f31999ba0dd7ebfa8 < 75f8f3c3e09122270986de9d7aa347d701676761 | affected |
| Linux | Linux | e33df1d2f3a0141cd79e770f31999ba0dd7ebfa8 < 64d4ebf91d082034bbc5ae3ba2d7fd800bc02d06 | affected |
| Linux | Linux | e33df1d2f3a0141cd79e770f31999ba0dd7ebfa8 < 41ff66baf81c6541f4f985dd7eac4494d03d9440 | affected |
| Linux | Linux | 4.2 | affected |
| Linux | Linux | 0 < 4.2 | unaffected |
| Linux | Linux | 5.10.259 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.210 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.176 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.140 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.86 <= 6.12.* | unaffected |
| Linux | Linux | 6.18.27 <= 6.18.* | unaffected |
| Linux | Linux | 7.0.4 <= 7.0.* | unaffected |
| Linux | Linux | 7.1 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/a172fa18bc370b776ac1510abb0dcb50a7a35fac
- https://git.kernel.org/stable/c/8e563d8db50f303171aceb79eec0807e7ba06951
- https://git.kernel.org/stable/c/d4eb861adde5ce22e459fbd29366f47bb2167977
- https://git.kernel.org/stable/c/37a430a2d4e66ec8238da6c7f7e48809bf265e13
- https://git.kernel.org/stable/c/f412e541d25a3dfaf3d53e012ade6ff03cae8a45
- https://git.kernel.org/stable/c/75f8f3c3e09122270986de9d7aa347d701676761
- https://git.kernel.org/stable/c/64d4ebf91d082034bbc5ae3ba2d7fd800bc02d06
- https://git.kernel.org/stable/c/41ff66baf81c6541f4f985dd7eac4494d03d9440
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.