SB20260528200 - Use-after-free in Linux kernel power supply driver
Published: May 28, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Use-after-free (CVE-ID: CVE-2026-45879)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service or corrupt memory.
The vulnerability exists due to a use-after-free in the bq25980 power supply driver when handling interrupts during device removal or probe. A local user can trigger a race condition to cause a denial of service or corrupt memory.
The issue can also occur if an interrupt fires before the power_supply handle has been registered, leading to use of an uninitialized handle in power_supply_changed().
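The two windows described above (an interrupt before the handle is registered, and an interrupt during removal) can be reproduced in a small user-space model. This is an added example, not code from the bulletin or from the kernel driver. It assumes resources are released in reverse order of acquisition, as with managed (devm-style) resources; all names in it are hypothetical and no kernel API is called.

```c
/* Constructed user-space model of the probe/remove ordering problem. */
#include <stdio.h>

enum res { RES_IRQ, RES_PSY };   /* interrupt line, power_supply handle */

struct model {
    int psy_valid;      /* 1 while the power_supply handle is registered */
    int irq_enabled;    /* 1 while the interrupt handler can run */
    int bad_uses;       /* handler runs that touched an invalid handle */
    enum res stack[2];  /* acquisition order, released in reverse (assumed) */
    int depth;
};

/* Stand-in for the handler path that ends in power_supply_changed(). */
static void irq_fire(struct model *m)
{
    if (m->irq_enabled && !m->psy_valid)
        m->bad_uses++;
}

static void acquire(struct model *m, enum res r)
{
    if (r == RES_IRQ) m->irq_enabled = 1; else m->psy_valid = 1;
    m->stack[m->depth++] = r;
    irq_fire(m);        /* worst case: an interrupt arrives after each step */
}

static void release_all(struct model *m)
{
    while (m->depth > 0) {
        enum res r = m->stack[--m->depth];
        if (r == RES_IRQ) m->irq_enabled = 0; else m->psy_valid = 0;
        irq_fire(m);
    }
}

/* Invalid-handle uses over one probe + remove cycle for a given order. */
int lifecycle_bad_uses(enum res first, enum res second)
{
    struct model m = {0};
    acquire(&m, first);
    acquire(&m, second);
    release_all(&m);
    return m.bad_uses;
}

int main(void)
{
    printf("IRQ first: %d\n", lifecycle_bad_uses(RES_IRQ, RES_PSY));
    printf("PSY first: %d\n", lifecycle_bad_uses(RES_PSY, RES_IRQ));
    return 0;
}
```

Requesting the interrupt first exposes one window at probe and one at removal; registering the handle first closes both in this model.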
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/03d1e4ee4e6aa6d2966e883e4ca0e5be73bf1b7c
- https://git.kernel.org/stable/c/0560a4b09c92e2ecaa883965cf6f9ca51c158ff9
- https://git.kernel.org/stable/c/0de95d29d847c6217b7d5845e24a71a4aee7b359
- https://git.kernel.org/stable/c/16875e3b7bc9e59bfa0acaf1e43f275a6f42a30f
- https://git.kernel.org/stable/c/4aeaf03c17260415c2fdd55992f9ad4188d5455a
- https://git.kernel.org/stable/c/5f0b1cb41906e86b64bf69f5ededb83b0d757c27
- https://git.kernel.org/stable/c/86f93dfb23f5bf4f285c4256a7e909d222f7de56
- https://git.kernel.org/stable/c/abea607ff2f62f4c0a5fb29f7fbdaaab163276a4