CVE-2026-45946
Gravedad CVSS v3.1:
ALTA
Tipo:
CWE-416
Utilización después de liberación
Fecha de publicación:
27/05/2026
Última modificación:
16/06/2026
Descripción
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
power: supply: ab8500: Fix use-after-free in power_supply_changed()<br />
<br />
Using the `devm_` variant for requesting IRQ _before_ the `devm_`<br />
variant for allocating/registering the `power_supply` handle, means that<br />
the `power_supply` handle will be deallocated/unregistered _before_ the<br />
interrupt handler (since `devm_` naturally deallocates in reverse<br />
allocation order). This means that during removal, there is a race<br />
condition where an interrupt can fire just _after_ the `power_supply`<br />
handle has been freed, *but* just _before_ the corresponding<br />
unregistration of the IRQ handler has run.<br />
<br />
This will lead to the IRQ handler calling `power_supply_changed()` with<br />
a freed `power_supply` handle. Which usually crashes the system or<br />
otherwise silently corrupts the memory...<br />
<br />
Note that there is a similar situation which can also happen during<br />
`probe()`; the possibility of an interrupt firing _before_ registering<br />
the `power_supply` handle. This would then lead to the nasty situation<br />
of using the `power_supply` handle *uninitialized* in<br />
`power_supply_changed()`.<br />
<br />
Commit 1c1f13a006ed ("power: supply: ab8500: Move to componentized<br />
binding") introduced this issue during a refactorization. Fix this racy<br />
use-after-free by making sure the IRQ is requested _after_ the<br />
registration of the `power_supply` handle.
Impacto
Puntuación base 3.x
7.80
Gravedad 3.x
ALTA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.13.4 (incluyendo) | 5.15.202 (excluyendo) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (incluyendo) | 6.1.165 (excluyendo) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (incluyendo) | 6.6.128 (excluyendo) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (incluyendo) | 6.12.75 (excluyendo) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (incluyendo) | 6.18.14 (excluyendo) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.19 (incluyendo) | 6.19.4 (excluyendo) |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- https://git.kernel.org/stable/c/43cbb78ee047b9b12d096d40e3be265969d4c1f8
- https://git.kernel.org/stable/c/46dbda27b028d78087667e8280966b99cec015ca
- https://git.kernel.org/stable/c/551672981fe227122258a25a385a05f5c0746ad6
- https://git.kernel.org/stable/c/709db4b476e254579d9c48ec34d397a41ca0c407
- https://git.kernel.org/stable/c/847eeb6c0efcd76c7def73857cf798a4fcd8f79b
- https://git.kernel.org/stable/c/c4af8a98bb52825a5331ae1d0604c0ea6956ba4b
- https://git.kernel.org/stable/c/f50433f2603def08b21a4bf2fd238687fb5cbde9



