CVE-2024-36932

Published: May 30, 2024

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved:

thermal/debugfs: Prevent use-after-free from occurring after cdev removal

Since thermal_debug_cdev_remove() does not run under cdev->lock, it can run in parallel with thermal_debug_cdev_state_update() and it may free the struct thermal_debugfs object used by the latter after it has been checked against NULL.

If that happens, thermal_debug_cdev_state_update() will access memory that has been freed already causing the kernel to crash.

Address this by using cdev->lock in thermal_debug_cdev_remove() around the cdev->debugfs value check (in case the same cdev is removed at the same time in two different threads) and its reset to NULL.

Cc :6.8+ <[email protected]> # 6.8+
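The locking pattern the description names, as an added user-space model in C with POSIX threads (not the kernel's code and not part of the CVE record): `model_cdev`, `model_debugfs` and the `model_*` functions are hypothetical stand-ins for the cooling device, `struct thermal_debugfs`, `thermal_debug_cdev_state_update()` and `thermal_debug_cdev_remove()`. It assumes the updater holds the lock across both its NULL check and its use of the object; freeing after the unlock is a choice of this model.

```c
#include <pthread.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical user-space stand-ins for struct thermal_debugfs and the cdev. */
struct model_debugfs { unsigned long updates; };
struct model_cdev {
    pthread_mutex_t lock;           /* plays the role of cdev->lock */
    struct model_debugfs *debugfs;  /* plays the role of cdev->debugfs */
};

/* Updater: the NULL check and the use share one hold of the lock. */
static int model_state_update(struct model_cdev *cdev) {
    pthread_mutex_lock(&cdev->lock);
    int used = cdev->debugfs != NULL;
    if (used) cdev->debugfs->updates++;
    pthread_mutex_unlock(&cdev->lock);
    return used;
}

/* Remover: check and reset to NULL under the lock; the free follows the unlock. */
static int model_remove(struct model_cdev *cdev) {
    pthread_mutex_lock(&cdev->lock);
    struct model_debugfs *dbg = cdev->debugfs;
    cdev->debugfs = NULL;           /* no later lock holder can see the object */
    pthread_mutex_unlock(&cdev->lock);
    int detached = dbg != NULL;     /* 1 only for the caller that took the pointer */
    free(dbg);                      /* free(NULL) is a no-op */
    return detached;
}

static void *updater(void *arg) {
    for (int i = 0; i < 100000; i++) model_state_update(arg);
    return NULL;
}
static void *remover(void *arg) { return (void *)(intptr_t)model_remove(arg); }

/* One updater races two removers; 0 means one free and no use after it. */
static int run_model(void) {
    struct model_cdev cdev = { PTHREAD_MUTEX_INITIALIZER, calloc(1, sizeof *cdev.debugfs) };
    void *(*fn[3])(void *) = { updater, remover, remover };
    pthread_t t[3];
    void *ret[3];
    for (int i = 0; i < 3; i++) pthread_create(&t[i], NULL, fn[i], &cdev);
    for (int i = 0; i < 3; i++) pthread_join(t[i], &ret[i]);
    int frees = (int)(intptr_t)ret[1] + (int)(intptr_t)ret[2];
    return !(frees == 1 && model_state_update(&cdev) == 0);
}

int main(void) { return run_model(); }
```

Without the lock in `model_remove()`, the free could land between the updater's NULL check and its increment, and both removers could read the same non-NULL pointer and free it twice.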

Vendor: Linux
Product: Linux
Versions:
affected: 755113d7678681a137c330f7997ceb680adb644e - < c1279dee33369e2525f532364bb87207d23b9481
affected: 755113d7678681a137c330f7997ceb680adb644e - < d351eb0ab04c3e8109895fc33250cebbce9c11da

Vendor: Linux
Product: Linux
Versions:
affected: 6.8
unaffected: 0 - < 6.8
unaffected: 6.8.10 - <= 6.8.*
unaffected: 6.9 - <= *
