CVE-2024-36956

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-36956

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36956.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-36956

Downstream

BELL-CVE-2024-36956

DEBIAN-CVE-2024-36956

RHSA-2024:9315

UBUNTU-CVE-2024-36956

USN-6949-1

USN-6949-2

USN-6952-1

USN-6952-2

USN-6955-1

Published

2024-05-30T15:35:49Z

Modified

2025-10-17T06:41:58.211067Z

Summary

thermal/debugfs: Free all thermal zone debug memory on zone removal

Details

In the Linux kernel, the following vulnerability has been resolved:

thermal/debugfs: Free all thermal zone debug memory on zone removal

Because thermaldebugtzremove() does not free all memory allocated for thermal zone diagnostics, some of that memory becomes unreachable after freeing the thermal zone's struct thermaldebugfs object.

Address this by making thermaldebugtz_remove() free all of the memory in question.

Cc :6.8+ stable@vger.kernel.org # 6.8+

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

7ef01f228c9f54c6260319858be138a8a7e9e704

Fixed

f51564e4b3992b53df79460ed5781a5330b5b1d5

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

7ef01f228c9f54c6260319858be138a8a7e9e704

Fixed

72c1afffa4c645fe0e0f1c03e5f34395ed65b5f4

Affected versions

v6.*

v6.7

v6.7-rc3

v6.7-rc4

v6.7-rc5

v6.7-rc6

v6.7-rc7

v6.7-rc8

v6.8

v6.8-rc1

v6.8-rc2

v6.8-rc3

v6.8-rc4

v6.8-rc5

v6.8-rc6

v6.8-rc7

v6.8.1

v6.8.2

v6.8.3

v6.8.4

v6.8.5

v6.8.6

v6.8.7

v6.8.8

v6.8.9

v6.9-rc1

v6.9-rc2

v6.9-rc3

v6.9-rc4

v6.9-rc5

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.8.0

Fixed

6.8.10