CVE-2023-53012

thermal: core: call put_device() only after device_register() fails

Description

In the Linux kernel, the following vulnerability has been resolved: thermal: core: call put_device() only after device_register() fails put_device() shouldn't be called before a prior call to device_register(). __thermal_cooling_device_register() doesn't follow that properly and needs fixing. Also thermal_cooling_device_destroy_sysfs() is getting called unnecessarily on few error paths. Fix all this by placing the calls at the right place. Based on initial work done by Caleb Connolly.

N/A

CVSS

Severity:

EPSS 0.02%

Affected: Linux Linux

References

Link	Tags
https://git.kernel.org/stable/c/a7d736cc3c6cb0d7498bbfb56515d414e35e9510
https://git.kernel.org/stable/c/2846a7412f6246fd5171f51011bf76dfebcec0ee
https://git.kernel.org/stable/c/6c54b7bc8a31ce0f7cc7f8deef05067df414f1d8

Frequently Asked Questions

What is the severity of CVE-2023-53012?: CVE-2023-53012 has not yet been assigned a CVSS score.
How to fix CVE-2023-53012?: To fix CVE-2023-53012, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-53012 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2023-53012 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-53012?: CVE-2023-53012 affects Linux Linux, Linux Linux.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.