Description

In the Linux kernel, the following vulnerability has been resolved: thermal/debugfs: Prevent use-after-free from occurring after cdev removal Since thermal_debug_cdev_remove() does not run under cdev->lock, it can run in parallel with thermal_debug_cdev_state_update() and it may free the struct thermal_debugfs object used by the latter after it has been checked against NULL. If that happens, thermal_debug_cdev_state_update() will access memory that has been freed already causing the kernel to crash. Address this by using cdev->lock in thermal_debug_cdev_remove() around the cdev->debugfs value check (in case the same cdev is removed at the same time in two different threads) and its reset to NULL. Cc :6.8+ <[email protected]> # 6.8+

INFO

Published Date :

2024-05-30T15:29:23.178Z

Last Modified :

2025-05-04T09:12:20.893Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2024-36932 vulnerability.

Vendors Products
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-36932.

URL Resource
https://git.kernel.org/stable/c/c1279dee33369e2525f532364bb87207d23b9481 cve-icon cve-icon
https://git.kernel.org/stable/c/d351eb0ab04c3e8109895fc33250cebbce9c11da cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024053041-CVE-2024-36932-c22d@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-36932 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-36932 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact