CVE-2026-43332

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the thermal core where the thermal zone device register with trips() function fails to properly handle the error path during thermal zone device registration. If the registration fails after the device is registered, the system does not wait for the tz->removal completion. This can lead to a situation where the tz object is freed prematurely if user space has already taken a reference to the thermal zone device's kobject, as thermal release() might not be called by the error path.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.