CVE-2024-36932
thermal/debugfs: Prevent use-after-free from occurring after cdev removal
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
thermal/debugfs: Prevent use-after-free from occurring after cdev removal
In the Linux kernel, the following vulnerability has been resolved: thermal/debugfs: Prevent use-after-free from occurring after cdev removal Since thermal_debug_cdev_remove() does not run under cdev->lock, it can run in parallel with thermal_debug_cdev_state_update() and it may free the struct thermal_debugfs object used by the latter after it has been checked against NULL. If that happens, thermal_debug_cdev_state_update() will access memory that has been freed already causing the kernel to crash. Address this by using cdev->lock in thermal_debug_cdev_remove() around the cdev->debugfs value check (in case the same cdev is removed at the same time in two different threads) and its reset to NULL. Cc :6.8+ <stable@vger.kernel.org> # 6.8+
Reserved 2024-05-30 | Published 2024-05-30 | Updated 2025-05-04 | Assigner Linuxgit.kernel.org/...c/c1279dee33369e2525f532364bb87207d23b9481
git.kernel.org/...c/d351eb0ab04c3e8109895fc33250cebbce9c11da
Support options
