CVE-2024-36932

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-36932
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36932.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-36932
Downstream
Published
2024-05-30T15:29:23Z
Modified
2025-10-15T11:08:28.416614Z
Summary
thermal/debugfs: Prevent use-after-free from occurring after cdev removal
Details

In the Linux kernel, the following vulnerability has been resolved:

thermal/debugfs: Prevent use-after-free from occurring after cdev removal

Since thermal_debug_cdev_remove() does not run under cdev->lock, it can run in parallel with thermal_debug_cdev_state_update() and it may free the struct thermal_debugfs object used by the latter after it has been checked against NULL.

If that happens, thermal_debug_cdev_state_update() will access memory that has been freed already causing the kernel to crash.

Address this by using cdev->lock in thermal_debug_cdev_remove() around the cdev->debugfs value check (in case the same cdev is removed at the same time in two different threads) and its reset to NULL.

Cc: 6.8+ stable@vger.kernel.org # 6.8+

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
755113d7678681a137c330f7997ceb680adb644e
Fixed
c1279dee33369e2525f532364bb87207d23b9481
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
755113d7678681a137c330f7997ceb680adb644e
Fixed
d351eb0ab04c3e8109895fc33250cebbce9c11da

Affected versions

v6.*

v6.7
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1
v6.8.2
v6.8.3
v6.8.4
v6.8.5
v6.8.6
v6.8.7
v6.8.8
v6.8.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5

Database specific

{
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "signature_type": "Line",
            "target": {
                "file": "drivers/thermal/thermal_debugfs.c"
            },
            "id": "CVE-2024-36932-3df57404",
            "digest": {
                "threshold": 0.9
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d351eb0ab04c3e8109895fc33250cebbce9c11da"
        },
        {
            "signature_version": "v1",
            "signature_type": "Function",
            "target": {
                "file": "drivers/thermal/thermal_debugfs.c",
                "function": "thermal_debug_cdev_remove"
            },
            "id": "CVE-2024-36932-89c33648",
            "digest": {
                "length": 227.0,
                "function_hash": "20989701473336669265140374959910958602"
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c1279dee33369e2525f532364bb87207d23b9481"
        },
        {
            "signature_version": "v1",
            "signature_type": "Function",
            "target": {
                "file": "drivers/thermal/thermal_debugfs.c",
                "function": "thermal_debug_cdev_remove"
            },
            "id": "CVE-2024-36932-c0c248fc",
            "digest": {
                "length": 227.0,
                "function_hash": "20989701473336669265140374959910958602"
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d351eb0ab04c3e8109895fc33250cebbce9c11da"
        },
        {
            "signature_version": "v1",
            "signature_type": "Line",
            "target": {
                "file": "drivers/thermal/thermal_debugfs.c"
            },
            "id": "CVE-2024-36932-c74a5192",
            "digest": {
                "threshold": 0.9
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c1279dee33369e2525f532364bb87207d23b9481"
        }
    ]
}

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.8.0
Fixed
6.8.10

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
755113d76786
Fixed
c1279dee3336
Type
ECOSYSTEM
Events
Introduced
755113d76786
Fixed
d351eb0ab04c
Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
6.8