Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

CVE-2026-45869

Gravedad:
Pendiente de análisis
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
27/05/2026
Última modificación:
27/05/2026

Descripción

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> power: supply: wm97xx: Fix NULL pointer dereference in power_supply_changed()<br /> <br /> In `probe()`, `request_irq()` is called before allocating/registering a<br /> `power_supply` handle. If an interrupt is fired between the call to<br /> `request_irq()` and `power_supply_register()`, the `power_supply` handle<br /> will be used uninitialized in `power_supply_changed()` in<br /> `wm97xx_bat_update()` (triggered from the interrupt handler). This will<br /> lead to a `NULL` pointer dereference since<br /> <br /> Fix this racy `NULL` pointer dereference by making sure the IRQ is<br /> requested _after_ the registration of the `power_supply` handle. Since<br /> the IRQ is the last thing requests in the `probe()` now, remove the<br /> error path for freeing it. Instead add one for unregistering the<br /> `power_supply` handle when IRQ request fails.

Impacto