CVE-2023-54079

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> power: supply: bq27xxx: Fix poll_interval handling and races on remove<br /> <br /> Before this patch bq27xxx_battery_teardown() was setting poll_interval = 0<br /> to avoid bq27xxx_battery_update() requeuing the delayed_work item.<br /> <br /> There are 2 problems with this:<br /> <br /> 1. If the driver is unbound through sysfs, rather then the module being<br /> rmmod-ed, this changes poll_interval unexpectedly<br /> <br /> 2. This is racy, after it being set poll_interval could be changed<br /> before bq27xxx_battery_update() checks it through<br /> /sys/module/bq27xxx_battery/parameters/poll_interval<br /> <br /> Fix this by added a removed attribute to struct bq27xxx_device_info and<br /> using that instead of setting poll_interval to 0.<br /> <br /> There also is another poll_interval related race on remove(), writing<br /> /sys/module/bq27xxx_battery/parameters/poll_interval will requeue<br /> the delayed_work item for all devices on the bq27xxx_battery_devices<br /> list and the device being removed was only removed from that list<br /> after cancelling the delayed_work item.<br /> <br /> Fix this by moving the removal from the bq27xxx_battery_devices list<br /> to before cancelling the delayed_work item.