CVE-2023-52473

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> thermal: core: Fix NULL pointer dereference in zone registration error path<br /> <br /> If device_register() in thermal_zone_device_register_with_trips()<br /> returns an error, the tz variable is set to NULL and subsequently<br /> dereferenced in kfree(tz-&gt;tzp).<br /> <br /> Commit adc8749b150c ("thermal/drivers/core: Use put_device() if<br /> device_register() fails") added the tz = NULL assignment in question to<br /> avoid a possible double-free after dropping the reference to the zone<br /> device. However, after commit 4649620d9404 ("thermal: core: Make<br /> thermal_zone_device_unregister() return after freeing the zone"), that<br /> assignment has become redundant, because dropping the reference to the<br /> zone device does not cause the zone object to be freed any more.<br /> <br /> Drop it to address the NULL pointer dereference.