CVE-2024-36932 Information

Description

In the Linux kernel the following vulnerability has been resolved:

thermal/debugfs: Prevent use-after-free from occurring after cdev removal

Since thermal_debug_cdev_remove() does not run under cdev->lock it can run in parallel with thermal_debug_cdev_state_update() and it may free the struct thermal_debugfs object used by the latter after it has been checked against NULL.

If that happens thermal_debug_cdev_state_update() will access memory that has been freed already causing the kernel to crash.

Address this by using cdev->lock in thermal_debug_cdev_remove() around the cdev->debugfs value check (in case the same cdev is removed at the same time in two different threads) and its reset to NULL.

Cc :6.8+ stable@vger.kernel.org 6.8+

Reference

https://git.kernel.org/stable/c/c1279dee33369e2525f532364bb87207d23b9481 https://git.kernel.org/stable/c/d351eb0ab04c3e8109895fc33250cebbce9c11da