Use-after-free in Linux kernel - CVE-2026-45879
Published: May 28, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service or corrupt memory.
The vulnerability exists due to a use-after-free in the bq25980 power supply driver when handling interrupts during device removal or probe. A local user can trigger a race condition to cause a denial of service or corrupt memory.
The issue can also occur if an interrupt fires before the power_supply handle has been registered, leading to use of an uninitialized handle in power_supply_changed().
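The two windows described above (an interrupt before registration, and an interrupt during removal) can be shown with a small userspace model. It is added here as an illustration and is not taken from the kernel source or the fix commits. It assumes the interrupt and the power_supply handle are managed resources released in reverse order of acquisition; `count_unsafe_windows` and `struct model` are hypothetical names.

```c
#include <stdio.h>

/* Userspace model (constructed). Assumption: resources are released in
 * reverse order of acquisition, as devm_* resources are in the kernel. */
enum res { RES_IRQ, RES_PSY };

struct model {
    enum res order[2];   /* acquisition order chosen by probe() */
    int irq_live;        /* the handler may run */
    int psy_valid;       /* power_supply handle registered and not freed */
    int bad_calls;       /* handler runs that touched an invalid handle */
};

/* Stand-in for the IRQ handler calling power_supply_changed(). */
static void irq_fires(struct model *m)
{
    if (m->irq_live && !m->psy_valid)
        m->bad_calls++;
}

static void set_res(struct model *m, enum res r, int on)
{
    if (r == RES_IRQ)
        m->irq_live = on;
    else
        m->psy_valid = on;
}

/* Run probe then remove, letting an interrupt arrive after every step. */
int count_unsafe_windows(enum res first, enum res second)
{
    struct model m = { { first, second }, 0, 0, 0 };
    int i;

    for (i = 0; i < 2; i++) {      /* probe: acquire in order */
        set_res(&m, m.order[i], 1);
        irq_fires(&m);
    }
    for (i = 1; i >= 0; i--) {     /* remove: release in reverse order */
        set_res(&m, m.order[i], 0);
        irq_fires(&m);
    }
    return m.bad_calls;
}

int main(void)
{
    printf("IRQ requested first: %d unsafe window(s)\n",
           count_unsafe_windows(RES_IRQ, RES_PSY));
    printf("power_supply first:  %d unsafe window(s)\n",
           count_unsafe_windows(RES_PSY, RES_IRQ));
    return 0;
}
```

Requesting the interrupt first leaves one window in probe (handle not yet registered) and one in removal (handle freed while the handler can still run); registering the handle first closes both in this model.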
How to mitigate CVE-2026-45879
Sources
- https://git.kernel.org/stable/c/03d1e4ee4e6aa6d2966e883e4ca0e5be73bf1b7c
- https://git.kernel.org/stable/c/0560a4b09c92e2ecaa883965cf6f9ca51c158ff9
- https://git.kernel.org/stable/c/0de95d29d847c6217b7d5845e24a71a4aee7b359
- https://git.kernel.org/stable/c/16875e3b7bc9e59bfa0acaf1e43f275a6f42a30f
- https://git.kernel.org/stable/c/4aeaf03c17260415c2fdd55992f9ad4188d5455a
- https://git.kernel.org/stable/c/5f0b1cb41906e86b64bf69f5ededb83b0d757c27
- https://git.kernel.org/stable/c/86f93dfb23f5bf4f285c4256a7e909d222f7de56
- https://git.kernel.org/stable/c/abea607ff2f62f4c0a5fb29f7fbdaaab163276a4