Home

Description

In the Linux kernel, the following vulnerability has been resolved: power: supply: bq25980: Fix use-after-free in power_supply_changed() Using the `devm_` variant for requesting IRQ _before_ the `devm_` variant for allocating/registering the `power_supply` handle, means that the `power_supply` handle will be deallocated/unregistered _before_ the interrupt handler (since `devm_` naturally deallocates in reverse allocation order). This means that during removal, there is a race condition where an interrupt can fire just _after_ the `power_supply` handle has been freed, *but* just _before_ the corresponding unregistration of the IRQ handler has run. This will lead to the IRQ handler calling `power_supply_changed()` with a freed `power_supply` handle. Which usually crashes the system or otherwise silently corrupts the memory... Note that there is a similar situation which can also happen during `probe()`; the possibility of an interrupt firing _before_ registering the `power_supply` handle. This would then lead to the nasty situation of using the `power_supply` handle *uninitialized* in `power_supply_changed()`. Fix this racy use-after-free by making sure the IRQ is requested _after_ the registration of the `power_supply` handle.

PUBLISHED Reserved 2026-05-13 | Published 2026-05-27 | Updated 2026-05-27 | Assigner Linux

Product status

Default status
unaffected

5069185fc18e810715a91d80fcd075e03add600c (git) before 86f93dfb23f5bf4f285c4256a7e909d222f7de56
affected

5069185fc18e810715a91d80fcd075e03add600c (git) before 16875e3b7bc9e59bfa0acaf1e43f275a6f42a30f
affected

5069185fc18e810715a91d80fcd075e03add600c (git) before 0560a4b09c92e2ecaa883965cf6f9ca51c158ff9
affected

5069185fc18e810715a91d80fcd075e03add600c (git) before 0de95d29d847c6217b7d5845e24a71a4aee7b359
affected

5069185fc18e810715a91d80fcd075e03add600c (git) before 4aeaf03c17260415c2fdd55992f9ad4188d5455a
affected

5069185fc18e810715a91d80fcd075e03add600c (git) before 03d1e4ee4e6aa6d2966e883e4ca0e5be73bf1b7c
affected

5069185fc18e810715a91d80fcd075e03add600c (git) before abea607ff2f62f4c0a5fb29f7fbdaaab163276a4
affected

5069185fc18e810715a91d80fcd075e03add600c (git) before 5f0b1cb41906e86b64bf69f5ededb83b0d757c27
affected

Default status
affected

5.10
affected

Any version before 5.10
unaffected

5.10.252 (semver)
unaffected

5.15.202 (semver)
unaffected

6.1.165 (semver)
unaffected

6.6.128 (semver)
unaffected

6.12.75 (semver)
unaffected

6.18.14 (semver)
unaffected

6.19.4 (semver)
unaffected

7.0 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/86f93dfb23f5bf4f285c4256a7e909d222f7de56

git.kernel.org/...c/16875e3b7bc9e59bfa0acaf1e43f275a6f42a30f

git.kernel.org/...c/0560a4b09c92e2ecaa883965cf6f9ca51c158ff9

git.kernel.org/...c/0de95d29d847c6217b7d5845e24a71a4aee7b359

git.kernel.org/...c/4aeaf03c17260415c2fdd55992f9ad4188d5455a

git.kernel.org/...c/03d1e4ee4e6aa6d2966e883e4ca0e5be73bf1b7c

git.kernel.org/...c/abea607ff2f62f4c0a5fb29f7fbdaaab163276a4

git.kernel.org/...c/5f0b1cb41906e86b64bf69f5ededb83b0d757c27

cve.org (CVE-2026-45879)

nvd.nist.gov (CVE-2026-45879)

Download JSON