Description
In the Linux kernel, the following vulnerability has been resolved:

thermal: core: Fix thermal zone device registration error path

If thermal_zone_device_register_with_trips() fails after registering
a thermal zone device, it needs to wait for the tz->removal completion
like thermal_zone_device_unregister(), in case user space has managed
to take a reference to the thermal zone device's kobject, in which case
thermal_release() may not be called by the error path itself and tz may
be freed prematurely.

Add the missing wait_for_completion() call to the thermal zone device
registration error path.
Published: 2026-05-08
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel’s thermal core failed to wait for the completion of a thermal zone device’s removal after a registration failure. As a result, if a thread still holds a reference to the device’s kobject, it may be freed prematurely by another part of the kernel, causing a use‑after‑free. This kernel fault can lead to a crash and bring the system down. Based on the description, it is inferred that the flaw can be triggered by code that forces a thermal zone registration to fail, which typically requires a privileged or local attacker capable of executing kernel‑level code.

Affected Systems

All releases of the Linux kernel built before the applied fix are affected. The vulnerability applies to the entire Linux:Linux product family, and any vendor that ships an unpatched kernel image will be vulnerable. Because the specific version range is not enumerated, any kernel that does not contain the referenced commit is at risk. System administrators should verify that the running kernel contains the fix or upgrade to a newer release that incorporates it.

Risk and Exploitability

The EPSS score of < 1% reflects a very low probability of exploitation in the wild. The CVSS score of 7.8 indicates high severity. This use‑after‑free can lead to a kernel panic and denial of service if a local attacker with kernel‑level privileges manages to trigger the faulty registration path. Though the exploitation probability is low, the potential impact remains significant because the bug occurs in the kernel and can crash the entire system. The vulnerability is not listed in CISA’s KEV catalog, so no publicly known zero‑day exploits have been reported.

Generated by OpenCVE AI on May 18, 2026 at 13:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that includes the fix for thermal zone registration error handling
  • Restart the system to ensure the updated kernel is running
  • Monitor system logs (e.g., dmesg) for thermal driver errors and verify that no use‑after‑free faults occur

Generated by OpenCVE AI on May 18, 2026 at 13:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 18 May 2026 12:45:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:6.7.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*

Sat, 16 May 2026 02:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Sat, 16 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-825
References
Metrics threat_severity

None

 threat_severity

Moderate

Mon, 11 May 2026 18:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Mon, 11 May 2026 09:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Mon, 11 May 2026 07:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Fri, 08 May 2026 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Fri, 08 May 2026 14:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix thermal zone device registration error path If thermal_zone_device_register_with_trips() fails after registering a thermal zone device, it needs to wait for the tz->removal completion like thermal_zone_device_unregister(), in case user space has managed to take a reference to the thermal zone device's kobject, in which case thermal_release() may not be called by the error path itself and tz may be freed prematurely. Add the missing wait_for_completion() call to the thermal zone device registration error path.
Title thermal: core: Fix thermal zone device registration error path
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-23T16:06:44.499Z

Reserved: 2026-05-01T14:12:56.002Z

Link: CVE-2026-43332

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-08T14:16:42.880

Modified: 2026-05-18T12:38:16.650

Link: CVE-2026-43332

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43332 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-18T13:30:06Z

Weaknesses