CVE-2024-36932

Name of the Vulnerable Software and Affected Versions Linux kernel versions 6.8 and later

Description The issue is related to a use-after-free vulnerability in the thermal/debugfs subsystem. The thermal debug cdev remove() function does not run under cdev->lock, allowing it to run in parallel with thermal debug cdev state update(). This can cause the struct thermal debugfs object to be freed after it has been checked against NULL, leading to a kernel crash when thermal debug cdev state update() accesses the already freed memory. The vulnerability can be addressed by using cdev->lock in thermal debug cdev remove() around the cdev->debugfs value check and its reset to NULL.

Recommendations To resolve the issue, update to a version of the Linux kernel that includes the fix for this vulnerability. Specifically, for Linux kernel versions 6.8 and later, apply the patch that uses cdev->lock in thermal debug cdev remove() to prevent the use-after-free condition. As a temporary workaround, consider disabling the thermal debug cdev remove() function until a patch is available.