CVE-2026-46021
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
A vulnerability has been identified in the Linux kernel related to improper management of thermal zones. Issues with thermal governor cleanup may lead to memory leaks and use-after-free errors.
Risk Assessment
Organizations may face performance issues and potential crashes due to memory leaks, which could affect the stability of applications running on this kernel.
Recommendation
It is recommended to update the Linux kernel to the latest version to mitigate this vulnerability and improve thermal zone management.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix thermal zone governor cleanup issues If thermal_zone_device_register_with_trips() fails after adding a thermal governor to the thermal zone being registered, the governor is not removed from it as appropriate which may lead to a memory leak. In turn, thermal_zone_device_unregister() calls thermal_set_governor() without acquiring the thermal zone lock beforehand which may race with a governor update via sysfs and may lead to a use-after-free in that case. Address these issues by adding two thermal_set_governor() calls, one to thermal_release() to remove the governor from the given thermal zone, and one to the thermal zone registration error path to cover failures preceding the thermal zone device registration.

