CVE-2024-50028
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-50028
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50028.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-50028
- Downstream
- Related
- Published
- 2024-10-21T19:39:31.809Z
- Modified
- 2025-11-27T02:33:33.489277Z
- Summary
- thermal: core: Reference count the zone in thermal_zone_get_by_id()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
thermal: core: Reference count the zone in thermalzonegetbyid()
There are places in the thermal netlink code where nothing prevents the thermal zone object from going away while being accessed after it has been returned by thermalzonegetbyid().
To address this, make thermalzonegetbyid() get a reference on the thermal zone device object to be returned with the help of getdevice(), under thermallist_lock, and adjust all of its callers to this change with the help of the cleanup.h infrastructure.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/blob/cc431b3424123d84bcd7afd4de150b33f117a8ef/cves/2024/50xxx/CVE-2024-50028.json" }- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced1ce50e7d408ef2bdc8ca021363fd46d1b8bfad00Fixedc95538b286efc6109c987e97a051bc7844ede802
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced1ce50e7d408ef2bdc8ca021363fd46d1b8bfad00Fixeda42a5839f400e929c489bb1b58f54596c4535167