CVE-2024-27006

In the Linux kernel, the following vulnerability has been resolved:
thermal/debugfs: Add missing count increment to thermal_debug_tz_trip_up()
The count field in struct trip_stats, representing the number of times the
zone temperature was above the trip point, needs to be incremented in
thermal_debug_tz_trip_up(), for two reasons. First, if a trip point is
crossed on the way up for the first time, thermal_debug_update_temp()
called from update_temperature() does not see it because it has not been
added to trips_crossed[] array in the thermal zone’s struct tz_debugfs
object yet. Therefore, when thermal_debug_tz_trip_up() is called after
that, the trip point’s count value is 0, and the attempt to divide by it
during the average temperature computation leads to a divide error which
causes the kernel to crash. Setting the count to 1 before the division by
incrementing it fixes this problem. Second, if a trip point is crossed on
the way up, but it has been crossed on the way up already before, its count
value needs to be incremented to make a record of the fact that the zone
temperature is above the trip now. Without doing that, if the mitigations
applied after crossing the trip cause the zone temperature to drop below
its threshold, the count will not be updated for this episode at all and
the average temperature in the trip statistics record will be somewhat
higher than it should be. Cc :6.8+ <[email protected]> # 6.8+