Linux Kernel Memory Leak Vulnerability in Thermal Cooling Device Registration

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's thermal cooling device registration process. This issue arises in the thermal/core component when the __thermal_cooling_device_register() function is called. If the device_register() function fails, the thermal_cooling_device_destroy_sysfs() function needs to be invoked to free the allocated memory. The vulnerability was discovered during a fault injection test, which revealed an unreferenced object, indicating a memory leak.

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated memory is not properly released, potentially causing increased memory usage and degradation of system performance over time.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Memory Leak Vulnerability in Thermal Cooling Device Registration

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating