Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-05-08T00:00:00 kernel: thermal: core: Fix thermal zone device registration error path 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CWE-825

In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix thermal zone device registration error path If thermal_zone_device_register_with_trips() fails after registering a thermal zone device, it needs to wait for the tz->removal completion like thermal_zone_device_unregister(), in case user space has managed to take a reference to the thermal zone device's kobject, in which case thermal_release() may not be called by the error path itself and tz may be freed prematurely. Add the missing wait_for_completion() call to the thermal zone device registration error path.

A flaw was found in the Linux kernel's thermal core subsystem. When `thermal_zone_device_register_with_trips()` fails during device registration, it does not properly wait for the thermal zone device's removal completion. This can lead to the premature freeing of the device's memory, creating a use-after-free vulnerability. A local attacker could potentially exploit this to cause a denial of service.

Red Hat Enterprise Linux 10 Affected kernel Red Hat Enterprise Linux 6 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel-rt Red Hat Enterprise Linux 8 Not affected kernel Red Hat Enterprise Linux 8 Not affected kernel-rt Red Hat Enterprise Linux 9 Affected kernel Red Hat Enterprise Linux 9 Affected kernel-rt https://www.cve.org/CVERecord?id=CVE-2026-43332 https://nvd.nist.gov/vuln/detail/CVE-2026-43332 https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2026/CVE-2026-43332.mbox