CVE-2024-36956: thermal/debugfs: Free all thermal zone debug memory on zone removal

Description

In the Linux kernel, the following vulnerability has been resolved:

thermal/debugfs: Free all thermal zone debug memory on zone removal

Because thermal_debug_tz_remove() does not free all memory allocated for
thermal zone diagnostics, some of that memory becomes unreachable after
freeing the thermal zone's struct thermal_debugfs object.

Address this by making thermal_debug_tz_remove() free all of the memory
in question.

Cc :6.8+ # 6.8+

Classification

CVE ID: CVE-2024-36956

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.48% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://git.kernel.org/stable/c/f51564e4b3992b53df79460ed5781a5330b5b1d5
https://git.kernel.org/stable/c/72c1afffa4c645fe0e0f1c03e5f34395ed65b5f4

Timeline

2024-12-20 00:38:29 UTC
CVE

thermal/debugfs: Free all thermal zone debug memory on zone removal