CVE-2024-27006

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.8

Description The issue is related to a missing count increment in the thermal debug tz trip up() function, which can cause a divide error and lead to a kernel crash. This occurs when a trip point is crossed on the way up for the first time, and the thermal debug update temp() function does not see it because it has not been added to the trips crossed[] array in the thermal zone's struct tz debugfs object yet. Additionally, if a trip point is crossed on the way up but has been crossed already before, its count value needs to be incremented to make a record of the fact that the zone temperature is above the trip now.

Recommendations To resolve the issue, update the Linux kernel to version 6.8 or later. As a temporary workaround, consider disabling the thermal debug tz trip up() function until a patch is available. Restrict access to the thermal zone's struct tz debugfs object to minimize the risk of exploitation. Avoid using the count field in the struct trip stats until the issue is resolved.