CVE-2023-52473: thermal: core: Fix NULL pointer dereference in zone registration error path
In the Linux kernel, the following vulnerability has been resolved:
thermal: core: Fix NULL pointer dereference in zone registration error path
If device_register() in thermal_zone_device_register_with_trips()
returns an error, the tz variable is set to NULL and subsequently
dereferenced in kfree(tz->tzp).
Commit adc8749b150c ("thermal/drivers/core: Use put_device() if
device_register() fails") added the tz = NULL assignment in question to
avoid a possible double-free after dropping the reference to the zone
device. However, after commit 4649620d9404 ("thermal: core: Make
thermal_zone_device_unregister() return after freeing the zone"), that
assignment has become redundant, because dropping the reference to the
zone device does not cause the zone object to be freed any more.
Drop it to address the NULL pointer dereference.
Security readout for executives and security teams
Plain-English summary
CVE-2023-52473 is a Linux kernel bug in thermal zone registration. Under a specific error condition, the kernel can dereference a NULL pointer, which may crash the system. The public record does not show active exploitation or a CVSS score. Treat it primarily as an availability risk for Linux systems using affected kernel builds.
Executive priority
Schedule remediation through normal kernel patch cycles unless affected systems are safety-critical or availability-sensitive. Escalate priority for production, embedded, or appliance environments where a kernel crash could cause service interruption.
Technical view
In thermal_zone_device_register_with_trips(), if device_register() fails, tz is set to NULL and later tz->tzp is freed, causing a NULL pointer dereference. Kernel stable fixes remove the redundant NULL assignment. The issue is in the thermal core registration error path, not a documented remote code execution path.
Likely exposure
Exposure is limited to Linux systems running affected kernel versions or downstream builds containing the vulnerable thermal core code. The source bundle lists Linux 6.4, 6.6.14, 6.7.2, and 6.8 as affected, but downstream distribution status should be verified.
Exploitation context
No CISA KEV listing is provided, and the supplied sources do not report active exploitation. Exploitation would require triggering a device registration failure in the kernel thermal zone registration path. Public sources provided do not describe practical exploitability or attacker prerequisites.
Researcher notes
The record lacks CVSS, CWE, and detailed exploitability analysis. The bug is clearly described as a NULL pointer dereference in a cleanup/error path. Assessment should focus on reachability of thermal zone registration failure in target kernels and whether downstream vendors backported the stable commits.
Mitigation direction
Update to a vendor kernel containing the referenced stable thermal core fix.
Check Linux distribution advisories for backported fixes and affected package versions.
Prioritize systems where unexpected kernel crashes have high business impact.
If patch timing is uncertain, monitor vendor guidance for supported mitigations.
Validation and detection
Inventory Linux kernel versions across servers, appliances, and embedded systems.
Compare running kernels against distribution advisories and the referenced stable commits.
Confirm patched kernels are installed and active after reboot.
Review kernel logs for thermal zone registration failures or NULL pointer crashes.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2023-52473 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.