SB20260528176 - Use-after-free in Linux kernel power supply driver
Published: May 28, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Use-after-free (CVE-ID: CVE-2026-45902)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to cause a denial of service or corrupt memory.
The vulnerability exists due to a use-after-free in power_supply_changed() in the bq256xx power supply driver when handling interrupts during device probe or removal. A local attacker can trigger a race condition to cause a denial of service or corrupt memory.
The issue can also occur if an interrupt fires before the power_supply handle is initialized.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/4b6fb0b6124f558131e502e3ffd03e6583b3ace6
- https://git.kernel.org/stable/c/74b5a88318db97d51bb40f774736553c2acd1514
- https://git.kernel.org/stable/c/8005843369723d9c8975b7c4202d1b85d6125302
- https://git.kernel.org/stable/c/81d3688c9a2158329391e08f2d0b8ba204216044
- https://git.kernel.org/stable/c/83c27fdd696ac13d023ef7a0345301be93209c53
- https://git.kernel.org/stable/c/8796910131a32ff29275052df768ef022929a394
- https://git.kernel.org/stable/c/cb5c743936edcebc51880eeb6bf04979b5c9438b