CVE-2026-43332

thermal: core: Fix thermal zone device registration error path

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix thermal zone device registration error path If thermal_zone_device_register_with_trips() fails after registering
a thermal zone device, it needs to wait for the tz->removal completion
like thermal_zone_device_unregister(), in case user space has managed
to take a reference to the thermal zone device's kobject, in which case
thermal_release() may not be called by the error path itself and tz may
be freed prematurely. Add the missing wait_for_completion() call to the thermal zone device
registration error path.

*Credits: N/A

CVSS Scores

kernel.orgv3.1 7.8

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2026-05-01 CVE Reserved
2026-05-08 CVE Published
2026-05-12 CVE Updated
2026-05-14 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/335176dd8ebaca6493807dceea33c478305667fa	Vuln. Introduced
https://git.kernel.org/stable/c/04e6ccfc93c5a1aa1d75a537cf27e418895e20ea	Vuln. Introduced
https://git.kernel.org/stable/c/02871710b93058eb1249d5847c0b2d1c2c3c98ae	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/9e796001af97a1f7368d5114b7a8533dd98d797a	2026-04-11
https://git.kernel.org/stable/c/604da9c04c218362e1c1457304ebeb9c199d537c	2026-04-11
https://git.kernel.org/stable/c/c4c7219e93319bba9ba0765dee597784c78f63c5	2026-04-11
https://git.kernel.org/stable/c/4d390f0e507dfb16d58f83a58d78d1150dc8b9d7	2026-04-11
https://git.kernel.org/stable/c/9e07e3b81807edd356e1f794cffa00a428eff443	2026-04-02

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6.14 < 6.6.134 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.14 < 6.6.134"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.8 < 6.12.81 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.8 < 6.12.81"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.8 < 6.18.22 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.8 < 6.18.22"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.8 < 6.19.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.8 < 6.19.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.8 < 7.0 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.8 < 7.0"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.7.2 Search vendor "Linux" for product "Linux Kernel" and version "6.7.2"		en		Affected