CVE-2026-46021

MEDIUM

thermal: core: Fix thermal zone governor cleanup issues

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix thermal zone governor cleanup issues If thermal_zone_device_register_with_trips() fails after adding a thermal governor to the thermal zone being registered, the governor is not removed from it as appropriate which may lead to a memory leak. In turn, thermal_zone_device_unregister() calls thermal_set_governor() without acquiring the thermal zone lock beforehand which may race with a governor update via sysfs and may lead to a use-after-free in that case. Address these issues by adding two thermal_set_governor() calls, one to thermal_release() to remove the governor from the given thermal zone, and one to the thermal zone registration error path to cover failures preceding the thermal zone device registration.

Scores

CVSS v3 5.5
EPSS 0.0012
EPSS Percentile 2.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-401
Status published
Products (27)
linux/Kernel 4.2.0 - 5.10.259linux
linux/Kernel 5.11.0 - 5.15.210linux
linux/Kernel 5.16.0 - 6.1.176linux
linux/Kernel 6.13.0 - 6.18.27linux
linux/Kernel 6.19.0 - 7.0.4linux
linux/Kernel 6.2.0 - 6.6.140linux
linux/Kernel 6.7.0 - 6.12.86linux
Linux/Linux < 4.2
Linux/Linux 4.2
Linux/Linux 5.10.259 - 5.10.*
... and 17 more
Published May 27, 2026
Tracked Since May 27, 2026