CVE-2026-43332
Published: May 8, 2026
Modified: May 23, 2026
CVSS v3.1
7.8
Description
In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix thermal zone device registration error path If thermal_zone_device_register_with_trips() fails after registering a thermal zone device, it needs to wait for the tz->removal completion like thermal_zone_device_unregister(), in case user space has managed to take a reference to the thermal zone device's kobject, in which case thermal_release() may not be called by the error path itself and tz may be freed prematurely. Add the missing wait_for_completion() call to the thermal zone device registration error path.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 335176dd8ebaca6493807dceea33c478305667fa - < 9e796001af97a1f7368d5114b7a8533dd98d797aaffected 04e6ccfc93c5a1aa1d75a537cf27e418895e20ea - < 604da9c04c218362e1c1457304ebeb9c199d537caffected 04e6ccfc93c5a1aa1d75a537cf27e418895e20ea - < c4c7219e93319bba9ba0765dee597784c78f63c5affected 04e6ccfc93c5a1aa1d75a537cf27e418895e20ea - < 4d390f0e507dfb16d58f83a58d78d1150dc8b9d7affected 04e6ccfc93c5a1aa1d75a537cf27e418895e20ea - < 9e07e3b81807edd356e1f794cffa00a428eff443+3 more versions |
Linux | Linux | affected 6.8unaffected 0 - < 6.8unaffected 6.6.134 - <= 6.6.*unaffected 6.12.81 - <= 6.12.*unaffected 6.18.22 - <= 6.18.*+2 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now