CVE-2026-43332
Thermal Zone Device Registration Error in Linux Kernel
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is related to the Linux kernel's thermal management system. Specifically, it involves an error in the thermal zone device registration process. When the function thermal_zone_device_register_with_trips() fails after registering a thermal zone device, it does not properly wait for the removal completion. This can cause the thermal zone device's resources to be freed prematurely if user space has taken a reference to the device's kobject, potentially leading to improper cleanup and resource management.
The fix involves adding a missing wait_for_completion() call in the error path to ensure that the system waits for the removal process to complete before freeing resources.
How can this vulnerability impact me? :
This vulnerability can lead to premature freeing of thermal zone device resources in the Linux kernel. If user space holds references to these devices, the improper cleanup could cause system instability, crashes, or undefined behavior related to thermal management.
Such instability might affect system reliability, especially in environments where thermal management is critical for hardware safety and performance.