CVE-2024-36961

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-36961
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36961.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-36961
Downstream
Published
2024-06-03T07:49:59Z
Modified
2025-10-17T06:07:28.476160Z
Summary
thermal/debugfs: Fix two locking issues with thermal zone debug
Details

In the Linux kernel, the following vulnerability has been resolved:

thermal/debugfs: Fix two locking issues with thermal zone debug

With the current thermal zone locking arrangement in the debugfs code, user space can open the "mitigations" file for a thermal zone before the zone's debugfs pointer is set which will result in a NULL pointer dereference in tze_seq_start().

Moreover, thermal_debug_tz_remove() is not called under the thermal zone lock, so it can run in parallel with the other functions accessing the thermal zone's struct thermal_debugfs object. Then, it may clear tz->debugfs after one of those functions has checked it and the struct thermal_debugfs object may be freed prematurely.

To address the first problem, pass a pointer to the thermal zone's struct thermal_debugfs object to debugfs_create_file() in thermal_debug_tz_add() and make tze_seq_start(), tze_seq_next(), tze_seq_stop(), and tze_seq_show() retrieve it from s->private instead of a pointer to the thermal zone object. This will ensure that tz_debugfs will be valid across the "mitigations" file accesses until thermal_debugfs_remove_id() called by thermal_debug_tz_remove() removes that file.

To address the second problem, use tz->lock in thermal_debug_tz_remove() around the tz->debugfs value check (in case the same thermal zone is removed at the same time in two different threads) and its reset to NULL.

Cc: 6.8+ <stable@vger.kernel.org> # 6.8+
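The two fixes described above, modelled in user space as an added example (this is not the kernel's code or the patch itself). The types `dbg`, `zone` and `seq` and all function names are hypothetical stand-ins for the kernel structures, and a pthread mutex stands in for `tz->lock`.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdlib.h>

struct dbg  { int episodes; };  /* models struct thermal_debugfs */
struct zone { pthread_mutex_t lock; struct dbg *debugfs; };  /* models the zone */
struct seq  { void *private; }; /* models the seq_file private pointer */
static atomic_int frees;        /* how many times the debug object was freed */

/* Pre-fix reader: private data is the zone, so it goes through tz->debugfs. */
static int start_via_zone(struct seq *s) {
    struct zone *tz = s->private;
    return tz->debugfs ? tz->debugfs->episodes : -1; /* -1 marks the NULL dereference */
}

/* Post-fix reader: private data is the debug object itself. */
static int start_via_private(struct seq *s) {
    return ((struct dbg *)s->private)->episodes;
}

/* A read that lands after the file exists but before tz->debugfs is set. */
static int read_before_publish(int fixed) {
    struct dbg d = { 3 };
    struct zone tz = { PTHREAD_MUTEX_INITIALIZER, NULL };
    struct seq s = { fixed ? (void *)&d : (void *)&tz };
    return fixed ? start_via_private(&s) : start_via_zone(&s);
}

/* Post-fix removal: check and reset tz->debugfs under the lock, free after. */
static void *zone_remove(void *arg) {
    struct zone *tz = arg;
    pthread_mutex_lock(&tz->lock);
    struct dbg *d = tz->debugfs;
    tz->debugfs = NULL;
    pthread_mutex_unlock(&tz->lock);
    if (d) { free(d); atomic_fetch_add(&frees, 1); }
    return NULL;
}

/* Remove one zone from n (at most 16) threads at once; returns the free count. */
static int concurrent_removals(int n) {
    pthread_t t[16];
    struct zone tz = { PTHREAD_MUTEX_INITIALIZER, calloc(1, sizeof(struct dbg)) };
    atomic_store(&frees, 0);
    for (int i = 0; i < n && i < 16; i++) pthread_create(&t[i], NULL, zone_remove, &tz);
    for (int i = 0; i < n && i < 16; i++) pthread_join(t[i], NULL);
    return atomic_load(&frees);
}

int main(void) { return !(read_before_publish(1) == 3 && concurrent_removals(8) == 1); }
```

Because the check and the reset happen under one lock acquisition, exactly one of the racing removers sees a non-NULL pointer, so the object is freed once regardless of thread count.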

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
7ef01f228c9f54c6260319858be138a8a7e9e704
Fixed
6c57bdd0505422d5ccd2df541d993aec978c842e
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
7ef01f228c9f54c6260319858be138a8a7e9e704
Fixed
c7f7c37271787a7f77d7eedc132b0b419a76b4c8

Affected versions

v6.*

v6.7
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1
v6.8.2
v6.8.3
v6.8.4
v6.8.5
v6.8.6
v6.8.7
v6.8.8
v6.8.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5

Database specific

vanir_signatures

[
    {
        "id": "CVE-2024-36961-23abac5e",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 429.0,
            "function_hash": "225131544123557879309155613218116862162"
        },
        "target": {
            "function": "thermal_debug_tz_add",
            "file": "drivers/thermal/thermal_debugfs.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6c57bdd0505422d5ccd2df541d993aec978c842e",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2024-36961-2b6bbc8e",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 424.0,
            "function_hash": "310170557919109743548021568404520142101"
        },
        "target": {
            "function": "thermal_debug_tz_remove",
            "file": "drivers/thermal/thermal_debugfs.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6c57bdd0505422d5ccd2df541d993aec978c842e",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2024-36961-5b4b2f09",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 236.0,
            "function_hash": "20508602707930042857818228658498528323"
        },
        "target": {
            "function": "tze_seq_start",
            "file": "drivers/thermal/thermal_debugfs.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c7f7c37271787a7f77d7eedc132b0b419a76b4c8",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2024-36961-61a4ee48",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 229.0,
            "function_hash": "231101696512337744608788301106019676364"
        },
        "target": {
            "function": "tze_seq_next",
            "file": "drivers/thermal/thermal_debugfs.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c7f7c37271787a7f77d7eedc132b0b419a76b4c8",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2024-36961-893f8b6d",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9
        },
        "target": {
            "file": "drivers/thermal/thermal_debugfs.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6c57bdd0505422d5ccd2df541d993aec978c842e",
        "signature_type": "Line"
    },
    {
        "id": "CVE-2024-36961-94ed8b43",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 236.0,
            "function_hash": "20508602707930042857818228658498528323"
        },
        "target": {
            "function": "tze_seq_start",
            "file": "drivers/thermal/thermal_debugfs.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6c57bdd0505422d5ccd2df541d993aec978c842e",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2024-36961-97cf6dea",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 424.0,
            "function_hash": "310170557919109743548021568404520142101"
        },
        "target": {
            "function": "thermal_debug_tz_remove",
            "file": "drivers/thermal/thermal_debugfs.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c7f7c37271787a7f77d7eedc132b0b419a76b4c8",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2024-36961-980b98df",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 152.0,
            "function_hash": "10715526393318745404393432637129967341"
        },
        "target": {
            "function": "tze_seq_stop",
            "file": "drivers/thermal/thermal_debugfs.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c7f7c37271787a7f77d7eedc132b0b419a76b4c8",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2024-36961-aa84bd9f",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 229.0,
            "function_hash": "231101696512337744608788301106019676364"
        },
        "target": {
            "function": "tze_seq_next",
            "file": "drivers/thermal/thermal_debugfs.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6c57bdd0505422d5ccd2df541d993aec978c842e",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2024-36961-c6c90a38",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 152.0,
            "function_hash": "10715526393318745404393432637129967341"
        },
        "target": {
            "function": "tze_seq_stop",
            "file": "drivers/thermal/thermal_debugfs.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6c57bdd0505422d5ccd2df541d993aec978c842e",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2024-36961-c81c39c1",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9
        },
        "target": {
            "file": "drivers/thermal/thermal_debugfs.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c7f7c37271787a7f77d7eedc132b0b419a76b4c8",
        "signature_type": "Line"
    },
    {
        "id": "CVE-2024-36961-dbb8df21",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 1058.0,
            "function_hash": "198732467743368799401698913104681065609"
        },
        "target": {
            "function": "tze_seq_show",
            "file": "drivers/thermal/thermal_debugfs.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6c57bdd0505422d5ccd2df541d993aec978c842e",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2024-36961-dc82b244",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 429.0,
            "function_hash": "225131544123557879309155613218116862162"
        },
        "target": {
            "function": "thermal_debug_tz_add",
            "file": "drivers/thermal/thermal_debugfs.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c7f7c37271787a7f77d7eedc132b0b419a76b4c8",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2024-36961-f163dc66",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 1058.0,
            "function_hash": "198732467743368799401698913104681065609"
        },
        "target": {
            "function": "tze_seq_show",
            "file": "drivers/thermal/thermal_debugfs.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c7f7c37271787a7f77d7eedc132b0b419a76b4c8",
        "signature_type": "Function"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.8.0
Fixed
6.8.10