摘要:
In the Linux kernel, the following vulnerability has been resolved:thermal: core: Fix NULL pointer dereference in zone registration error pathIf device_register() in thermal_zone_device_register_with_trips()returns an error, the tz variable is set to NULL and subsequentlydereferenced in kfree(tz->tzp).Commit adc8749b150c ( thermal/drivers/core: Use put_device() ifdevice_register() fails ) added the tz = NULL assignment in question toavoid a possible double-free after dropping the reference to the zonedevice. However, after commit 4649620d9404 ( thermal: core: Makethermal_zone_device_unregister() return after freeing the zone ), thatassignment has become redundant, because dropping the reference to thezone device does not cause the zone object to be freed any more.Drop it to address the NULL pointer dereference.
安全等级: Low
公告ID: KylinSec-SA-2024-2245
发布日期: 2024年5月27日
关联CVE: CVE-2023-52473
In the Linux kernel, the following vulnerability has been resolved:thermal: core: Fix NULL pointer dereference in zone registration error pathIf device_register() in thermal_zone_device_register_with_trips()returns an error, the tz variable is set to NULL and subsequentlydereferenced in kfree(tz->tzp).Commit adc8749b150c ( thermal/drivers/core: Use put_device() ifdevice_register() fails ) added the tz = NULL assignment in question toavoid a possible double-free after dropping the reference to the zonedevice. However, after commit 4649620d9404 ( thermal: core: Makethermal_zone_device_unregister() return after freeing the zone ), thatassignment has become redundant, because dropping the reference to thezone device does not cause the zone object to be freed any more.Drop it to address the NULL pointer dereference.
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2023-52473 | KY3.4-4A | kernel | Unaffected |
| CVE-2023-52473 | KY3.4-5A | kernel | Unaffected |
| CVE-2023-52473 | KY3.5.1 | kernel | Unaffected |
