CVE-2024-27006

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> thermal/debugfs: Add missing count increment to thermal_debug_tz_trip_up()<br /> <br /> The count field in struct trip_stats, representing the number of times<br /> the zone temperature was above the trip point, needs to be incremented<br /> in thermal_debug_tz_trip_up(), for two reasons.<br /> <br /> First, if a trip point is crossed on the way up for the first time,<br /> thermal_debug_update_temp() called from update_temperature() does<br /> not see it because it has not been added to trips_crossed[] array<br /> in the thermal zone&amp;#39;s struct tz_debugfs object yet. Therefore, when<br /> thermal_debug_tz_trip_up() is called after that, the trip point&amp;#39;s<br /> count value is 0, and the attempt to divide by it during the average<br /> temperature computation leads to a divide error which causes the kernel<br /> to crash. Setting the count to 1 before the division by incrementing it<br /> fixes this problem.<br /> <br /> Second, if a trip point is crossed on the way up, but it has been<br /> crossed on the way up already before, its count value needs to be<br /> incremented to make a record of the fact that the zone temperature is<br /> above the trip now. Without doing that, if the mitigations applied<br /> after crossing the trip cause the zone temperature to drop below its<br /> threshold, the count will not be updated for this episode at all and<br /> the average temperature in the trip statistics record will be somewhat<br /> higher than it should be.<br /> <br /> Cc :6.8+ # 6.8+