CVE-2026-45869

Source
https://cve.org/CVERecord?id=CVE-2026-45869
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-45869.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-45869
Downstream
Published
2026-05-27T12:15:49.107Z
Modified
2026-06-27T11:55:27.984984442Z
Summary
power: supply: wm97xx: Fix NULL pointer dereference in power_supply_changed()
Details

In the Linux kernel, the following vulnerability has been resolved:

power: supply: wm97xx: Fix NULL pointer dereference in powersupplychanged()

In probe(), request_irq() is called before allocating/registering a power_supply handle. If an interrupt is fired between the call to request_irq() and power_supply_register(), the power_supply handle will be used uninitialized in power_supply_changed() in wm97xx_bat_update() (triggered from the interrupt handler). This will lead to a NULL pointer dereference since

Fix this racy NULL pointer dereference by making sure the IRQ is requested after the registration of the power_supply handle. Since the IRQ is the last thing requests in the probe() now, remove the error path for freeing it. Instead add one for unregistering the power_supply handle when IRQ request fails.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45869.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
7c87942aef52d2120e95ff1dec739998b9f95a78
Fixed
3d7b5391bb95505b3581c1fb77150c467ab92864
Fixed
438f9a303ea8b55162b2d5376490c2ab3ec165a0
Fixed
9b7d77cb046b4487e8e511e04e62b6f416ce845c
Fixed
86183153c299e8bb1839e717286d6c6f39508a59
Fixed
93bdf715d33cf5ee01c58e8546c2469c71ce082a
Fixed
c0def811ad8d642dca9b6d31a198cc39f5f90837
Fixed
dfaf235d5a6b60cbf115a14a656946303ad007b7
Fixed
39fe0eac6d755ef215026518985fcf8de9360e9e

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-45869.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.6.32
Fixed
5.10.252
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.202
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.165
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.128
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.75
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.14
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.4

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-45869.json"