CVE-2024-50027

thermal: core: Free tzp copy along with the thermal zone

Description

In the Linux kernel, the following vulnerability has been resolved: thermal: core: Free tzp copy along with the thermal zone The object pointed to by tz->tzp may still be accessed after being freed in thermal_zone_device_unregister(), so move the freeing of it to the point after the removal completion has been completed at which it cannot be accessed any more.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/eabe285e1c629a719d6e68fc319939c63b83bf22
https://git.kernel.org/stable/c/bdb0d40507c85bee33c2a71fde7b2e857346f112 patch
https://git.kernel.org/stable/c/827a07525c099f54d3b15110408824541ec66b3c patch

Frequently Asked Questions

What is the severity of CVE-2024-50027?
CVE-2024-50027 has been scored as a medium severity vulnerability.
How to fix CVE-2024-50027?
To fix CVE-2024-50027, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-50027 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-50027 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-50027?
CVE-2024-50027 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.