CVE-2026-45869

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/05/2026
Last modified:
27/05/2026

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> power: supply: wm97xx: Fix NULL pointer dereference in power_supply_changed()<br /> <br /> In `probe()`, `request_irq()` is called before allocating/registering a<br /> `power_supply` handle. If an interrupt is fired between the call to<br /> `request_irq()` and `power_supply_register()`, the `power_supply` handle<br /> will be used uninitialized in `power_supply_changed()` in<br /> `wm97xx_bat_update()` (triggered from the interrupt handler). This will<br /> lead to a `NULL` pointer dereference since<br /> <br /> Fix this racy `NULL` pointer dereference by making sure the IRQ is<br /> requested _after_ the registration of the `power_supply` handle. Since<br /> the IRQ is the last thing requests in the `probe()` now, remove the<br /> error path for freeing it. Instead add one for unregistering the<br /> `power_supply` handle when IRQ request fails.

Impact