Detections
Analytics

CVE-2026-46021

medium

Description

In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix thermal zone governor cleanup issues If thermal_zone_device_register_with_trips() fails after adding a thermal governor to the thermal zone being registered, the governor is not removed from it as appropriate which may lead to a memory leak. In turn, thermal_zone_device_unregister() calls thermal_set_governor() without acquiring the thermal zone lock beforehand which may race with a governor update via sysfs and may lead to a use-after-free in that case. Address these issues by adding two thermal_set_governor() calls, one to thermal_release() to remove the governor from the given thermal zone, and one to the thermal zone registration error path to cover failures preceding the thermal zone device registration.

References

https://git.kernel.org/stable/c/f412e541d25a3dfaf3d53e012ade6ff03cae8a45

https://git.kernel.org/stable/c/d4eb861adde5ce22e459fbd29366f47bb2167977

https://git.kernel.org/stable/c/a172fa18bc370b776ac1510abb0dcb50a7a35fac

https://git.kernel.org/stable/c/8e563d8db50f303171aceb79eec0807e7ba06951

https://git.kernel.org/stable/c/75f8f3c3e09122270986de9d7aa347d701676761

https://git.kernel.org/stable/c/64d4ebf91d082034bbc5ae3ba2d7fd800bc02d06

https://git.kernel.org/stable/c/41ff66baf81c6541f4f985dd7eac4494d03d9440

https://git.kernel.org/stable/c/37a430a2d4e66ec8238da6c7f7e48809bf265e13

Details

Source: Mitre, NVD

Published: 2026-05-27

Updated: 2026-06-19

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00018