CVE-2026-53308
Gravedad:
Pendiente de análisis
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
26/06/2026
Última modificación:
30/06/2026
Descripción
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
power: supply: max77705: Free allocated workqueue and fix removal order<br />
<br />
Use devm interface for allocating workqueue to fix two bugs at the same<br />
time:<br />
<br />
1. Driver leaks the memory on remove(), because the workqueue is not<br />
destroyed.<br />
<br />
2. Driver allocates workqueue and then registers interrupt handlers<br />
with devm interface. This means that probe error paths will not use a<br />
reversed order, but first destroy the workqueue and then, via devm<br />
release handlers, free the interrupt.<br />
<br />
The interrupt handler schedules work on this exact workqueue, thus if<br />
interrupt is hit in this short time window - after destroying<br />
workqueue, but before devm() frees the interrupt - the schedulled<br />
work will lead to use of freed memory.<br />
<br />
Change is not equivalent in the workqueue itself: use non-legacy API<br />
which does not set (__WQ_LEGACY | WQ_MEM_RECLAIM). The workqueue is<br />
used to update power supply (power_supply_changed()) status, thus there<br />
is no point to run it for memory reclaim. Note that dev_name() is not<br />
directly used in second argument to prevent possible unlikely parsing<br />
any "%" character in device name as format.



