References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

In the Linux kernel, the following vulnerability has been resolved:

thermal: core: Fix thermal zone device registration error path

If thermal_zone_device_register_with_trips() fails after registering
a thermal zone device, it needs to wait for the tz->removal completion
like thermal_zone_device_unregister(), in case user space has managed
to take a reference to the thermal zone device's kobject, in which case
thermal_release() may not be called by the error path itself and tz may
be freed prematurely.

Add the missing wait_for_completion() call to the thermal zone device
registration error path.

https://git.kernel.org/stable/c/4d390f0e507dfb16d58f83a58d78d1150dc8b9d7

https://git.kernel.org/stable/c/604da9c04c218362e1c1457304ebeb9c199d537c

https://git.kernel.org/stable/c/9e07e3b81807edd356e1f794cffa00a428eff443

https://git.kernel.org/stable/c/9e796001af97a1f7368d5114b7a8533dd98d797a

https://git.kernel.org/stable/c/c4c7219e93319bba9ba0765dee597784c78f63c5