CVE-2026-46021
Published: May 27, 2026
Modified: May 27, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix thermal zone governor cleanup issues If thermal_zone_device_register_with_trips() fails after adding a thermal governor to the thermal zone being registered, the governor is not removed from it as appropriate which may lead to a memory leak. In turn, thermal_zone_device_unregister() calls thermal_set_governor() without acquiring the thermal zone lock beforehand which may race with a governor update via sysfs and may lead to a use-after-free in that case. Address these issues by adding two thermal_set_governor() calls, one to thermal_release() to remove the governor from the given thermal zone, and one to the thermal zone registration error path to cover failures preceding the thermal zone device registration.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected e33df1d2f3a0141cd79e770f31999ba0dd7ebfa8 - < 37a430a2d4e66ec8238da6c7f7e48809bf265e13affected e33df1d2f3a0141cd79e770f31999ba0dd7ebfa8 - < f412e541d25a3dfaf3d53e012ade6ff03cae8a45affected e33df1d2f3a0141cd79e770f31999ba0dd7ebfa8 - < 75f8f3c3e09122270986de9d7aa347d701676761affected e33df1d2f3a0141cd79e770f31999ba0dd7ebfa8 - < 64d4ebf91d082034bbc5ae3ba2d7fd800bc02d06affected e33df1d2f3a0141cd79e770f31999ba0dd7ebfa8 - < 41ff66baf81c6541f4f985dd7eac4494d03d9440 |
Linux | Linux | affected 4.2unaffected 0 - < 4.2unaffected 6.6.140 - <= 6.6.*unaffected 6.12.86 - <= 6.12.*unaffected 6.18.27 - <= 6.18.*+2 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now