CVE-2024-27006 in Linuxinfo

Summary

by MITRE • 05/01/2024

In the Linux kernel, the following vulnerability has been resolved:

thermal/debugfs: Add missing count increment to thermal_debug_tz_trip_up()

The count field in struct trip_stats, representing the number of times the zone temperature was above the trip point, needs to be incremented in thermal_debug_tz_trip_up(), for two reasons.

First, if a trip point is crossed on the way up for the first time, thermal_debug_update_temp() called from update_temperature() does not see it because it has not been added to trips_crossed[] array
in the thermal zone's struct tz_debugfs object yet. Therefore, when thermal_debug_tz_trip_up() is called after that, the trip point's count value is 0, and the attempt to divide by it during the average temperature computation leads to a divide error which causes the kernel to crash. Setting the count to 1 before the division by incrementing it fixes this problem.

Second, if a trip point is crossed on the way up, but it has been crossed on the way up already before, its count value needs to be incremented to make a record of the fact that the zone temperature is above the trip now. Without doing that, if the mitigations applied after crossing the trip cause the zone temperature to drop below its threshold, the count will not be updated for this episode at all and the average temperature in the trip statistics record will be somewhat higher than it should be.

Cc :6.8+ # 6.8+

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 02/07/2026

The vulnerability described in CVE-2024-27006 resides within the Linux kernel's thermal management subsystem, specifically affecting the debugfs interface for thermal zones. This issue manifests in the thermal_debug_tz_trip_up() function which is responsible for tracking temperature trip points within thermal zones. The flaw represents a critical oversight in the accounting mechanism for temperature monitoring, where the count field within the trip_stats structure fails to be properly incremented during thermal event processing. This deficiency directly impacts the kernel's ability to maintain accurate thermal statistics and can lead to system instability through kernel panics.

The technical root cause stems from the improper handling of trip point crossing events within the thermal debugging framework. When a thermal zone temperature exceeds a defined trip point, the system should increment a counter that tracks how many times each trip point has been crossed. However, the current implementation fails to perform this increment operation in the thermal_debug_tz_trip_up() function. This creates a scenario where the count field remains at zero during critical calculations, particularly during average temperature computations. The absence of proper count incrementation leads to division by zero errors when the kernel attempts to calculate average temperatures based on these unincremented statistics, resulting in immediate kernel crashes and system termination.

The operational impact of this vulnerability extends beyond simple system crashes to affect the reliability of thermal monitoring and management within Linux systems. When the kernel encounters a divide-by-zero error during thermal statistics computation, it triggers a kernel panic which terminates the system's operation. This represents a severe reliability issue for embedded systems, servers, and devices that depend on consistent thermal monitoring. The vulnerability particularly affects systems running kernel versions 6.8 and later, where the thermal debugging features are actively enabled and utilized. Additionally, the improper accounting affects the accuracy of thermal statistics, leading to potentially misleading thermal data that could impact system cooling strategies and thermal mitigation decisions.

This vulnerability maps directly to CWE-369, which addresses the divide by zero weakness, and also relates to CWE-248, concerning the exposure of an exception condition. The issue manifests in the ATT&CK framework under the T1499.004 technique for network denial of service, as it can cause system crashes and prevent normal operation. The vulnerability also aligns with T1547.001 for privilege escalation through kernel exploitation, as a malicious actor could potentially leverage this crash condition to gain system control. The flaw demonstrates poor input validation and error handling within kernel space, where the system fails to properly validate the state of counter variables before performing mathematical operations. The fix requires adding a simple increment operation to the count field, but this seemingly minor change addresses critical reliability and security concerns within the kernel's thermal management subsystem. This vulnerability highlights the importance of proper resource management in kernel code and demonstrates how seemingly small accounting errors can lead to catastrophic system failures, particularly in environments where thermal management is critical for hardware longevity and system stability.

Reservation

02/19/2024

Disclosure

05/01/2024

Moderation

accepted

CPE

ready

EPSS

0.00227

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!