CVE-2023-53012

EUVD-2023-59708
In the Linux kernel, the following vulnerability has been resolved:

thermal: core: call put_device() only after device_register() fails

put_device() shouldn't be called before a prior call to
device_register(). __thermal_cooling_device_register() doesn't follow
that properly and needs fixing. Also
thermal_cooling_device_destroy_sysfs() is getting called unnecessarily
on few error paths.

Fix all this by placing the calls at the right place.

Based on initial work done by Caleb Connolly.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
5.15.86 ≤
𝑥
< 5.16
linuxlinux_kernel
6.0.16 ≤
𝑥
< 6.1
linuxlinux_kernel
6.1.2 ≤
𝑥
< 6.2
linuxlinux_kernel
6.2:rc1
linuxlinux_kernel
6.2:rc2
linuxlinux_kernel
6.2:rc3
linuxlinux_kernel
6.2:rc4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.129-1
fixed
bookworm (security)
6.1.128-1
fixed
bullseye
5.10.223-1
not-affected
bullseye (security)
5.10.234-1
fixed
sid
6.12.20-1
fixed
trixie
6.12.19-1
fixed
References
https://git.kernel.org/stable/c/2846a7412f6246fd5171f51011bf76dfebcec0ee
https://git.kernel.org/stable/c/6c54b7bc8a31ce0f7cc7f8deef05067df414f1d8
https://git.kernel.org/stable/c/a7d736cc3c6cb0d7498bbfb56515d414e35e9510