CVE-2026-45906
Gravedad CVSS v3.1:
ALTA
Tipo:
CWE-416
Utilización después de liberación
Fecha de publicación:
27/05/2026
Última modificación:
24/06/2026
Descripción
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
power: supply: pf1550: Fix use-after-free in power_supply_changed()<br />
<br />
Using the `devm_` variant for requesting IRQ _before_ the `devm_`<br />
variant for allocating/registering the `power_supply` handle, means that<br />
the `power_supply` handle will be deallocated/unregistered _before_ the<br />
interrupt handler (since `devm_` naturally deallocates in reverse<br />
allocation order). This means that during removal, there is a race<br />
condition where an interrupt can fire just _after_ the `power_supply`<br />
handle has been freed, *but* just _before_ the corresponding<br />
unregistration of the IRQ handler has run.<br />
<br />
This will lead to the IRQ handler calling `power_supply_changed()` with<br />
a freed `power_supply` handle. Which usually crashes the system or<br />
otherwise silently corrupts the memory...<br />
<br />
Note that there is a similar situation which can also happen during<br />
`probe()`; the possibility of an interrupt firing _before_ registering<br />
the `power_supply` handle. This would then lead to the nasty situation<br />
of using the `power_supply` handle *uninitialized* in<br />
`power_supply_changed()`.<br />
<br />
Fix this racy use-after-free by making sure the IRQ is requested _after_<br />
the registration of the `power_supply` handle.
Impacto
Puntuación base 3.x
7.80
Gravedad 3.x
ALTA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.19 (incluyendo) | 6.19.4 (excluyendo) |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página



