CVE-2026-46021 PUBLISHED

thermal: core: Fix thermal zone governor cleanup issues

Assigner: Linux
Reserved: 13.05.2026 Published: 27.05.2026 Updated: 27.05.2026

In the Linux kernel, the following vulnerability has been resolved:

thermal: core: Fix thermal zone governor cleanup issues

If thermal_zone_device_register_with_trips() fails after adding a thermal governor to the thermal zone being registered, the governor is not removed from it as appropriate which may lead to a memory leak.

In turn, thermal_zone_device_unregister() calls thermal_set_governor() without acquiring the thermal zone lock beforehand which may race with a governor update via sysfs and may lead to a use-after-free in that case.

Address these issues by adding two thermal_set_governor() calls, one to thermal_release() to remove the governor from the given thermal zone, and one to the thermal zone registration error path to cover failures preceding the thermal zone device registration.

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from e33df1d2f3a0141cd79e770f31999ba0dd7ebfa8 to 37a430a2d4e66ec8238da6c7f7e48809bf265e13 (excl.)
  • affected from e33df1d2f3a0141cd79e770f31999ba0dd7ebfa8 to f412e541d25a3dfaf3d53e012ade6ff03cae8a45 (excl.)
  • affected from e33df1d2f3a0141cd79e770f31999ba0dd7ebfa8 to 75f8f3c3e09122270986de9d7aa347d701676761 (excl.)
  • affected from e33df1d2f3a0141cd79e770f31999ba0dd7ebfa8 to 64d4ebf91d082034bbc5ae3ba2d7fd800bc02d06 (excl.)
  • affected from e33df1d2f3a0141cd79e770f31999ba0dd7ebfa8 to 41ff66baf81c6541f4f985dd7eac4494d03d9440 (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • Version 4.2 is affected
  • unaffected from 0 to 4.2 (excl.)
  • unaffected from 6.6.140 to 6.6.* (incl.)
  • unaffected from 6.12.86 to 6.12.* (incl.)
  • unaffected from 6.18.27 to 6.18.* (incl.)
  • unaffected from 7.0.4 to 7.0.* (incl.)
  • unaffected from 7.1-rc1 to * (incl.)

References