Rafael J. Wysocki

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: A vulnerability in the Linux kernel has been resolved, related to the thermal core. The issue involves a `tzp` copy being freed along with the thermal zone, but the object pointed to by `tz->tzp` may still be accessed after being freed in the `thermal zone device unregister()` function. To fix this, the freeing of the object is moved to a point after the removal completion, where it can no longer be accessed. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a NULL pointer dereference in the zone registration error path of the thermal core in the Linux kernel. If `device register()` in `thermal zone device register with trips()` returns an error, the `tz` variable is set to NULL and subsequently dereferenced in `kfree(tz->tzp)`. This problem arose from a commit intended to avoid a double-free after dropping the reference to the zone device, but it became redundant after another commit changed the behavior of `thermal zone device unregister()`. The vulnerability can be exploited by a remote attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.