CVE-2026-45869

Description

In the Linux kernel, the following vulnerability has been resolved: power: supply: wm97xx: Fix NULL pointer dereference in power_supply_changed() In `probe()`, `request_irq()` is called before allocating/registering a `power_supply` handle. If an interrupt is fired between the call to `request_irq()` and `power_supply_register()`, the `power_supply` handle will be used uninitialized in `power_supply_changed()` in `wm97xx_bat_update()` (triggered from the interrupt handler). This will lead to a `NULL` pointer dereference since Fix this racy `NULL` pointer dereference by making sure the IRQ is requested _after_ the registration of the `power_supply` handle. Since the IRQ is the last thing requests in the `probe()` now, remove the error path for freeing it. Instead add one for unregistering the `power_supply` handle when IRQ request fails.

References

Other References

https://git.kernel.org/stable/c/39fe0eac6d755ef215026518985fcf8de9360e9e https://git.kernel.org/stable/c/3d7b5391bb95505b3581c1fb77150c467ab92864 https://git.kernel.org/stable/c/438f9a303ea8b55162b2d5376490c2ab3ec165a0 https://git.kernel.org/stable/c/86183153c299e8bb1839e717286d6c6f39508a59 https://git.kernel.org/stable/c/93bdf715d33cf5ee01c58e8546c2469c71ce082a https://git.kernel.org/stable/c/9b7d77cb046b4487e8e511e04e62b6f416ce845c https://git.kernel.org/stable/c/c0def811ad8d642dca9b6d31a198cc39f5f90837 https://git.kernel.org/stable/c/dfaf235d5a6b60cbf115a14a656946303ad007b7

Frequently Asked Questions

What is CVE-2026-45869? +

In the Linux kernel, the following vulnerability has been resolved: power: supply: wm97xx: Fix NULL pointer dereference in power_supply_changed() In `probe()`, `request_irq()` is called before allocating/registering a `power_supply` handle. If an interrupt is fired between the call to `request_irq()` and `power_supply_register()`, the `power_supply` handle will be used uninitialized in `power_supply_changed()` in `wm97xx_bat_update()` (triggered from the interrupt handler). This will lead to a `NULL` pointer dereference since Fix this racy `NULL` pointer dereference by making sure the IRQ is requested _after_ the registration of the `power_supply` handle. Since the IRQ is the last thing requests in the `probe()` now, remove the error path for freeing it. Instead add one for unregistering the `power_supply` handle when IRQ request fails.

How do I check if I'm vulnerable to CVE-2026-45869? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Description

References

Other References

Frequently Asked Questions

Don't wait for an exploit