CVE-2026-46270
- Source
- https://cve.org/CVERecord?id=CVE-2026-46270
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46270.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2026-46270
- Downstream
- Published
- 2026-06-03T15:50:12.537Z
- Modified
- 2026-06-18T03:56:11.578820955Z
- Severity
-
- 8.4 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- power: supply: rt9455: Fix use-after-free in power_supply_changed()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
power: supply: rt9455: Fix use-after-free in powersupplychanged()
Using the
devm_variant for requesting IRQ before thedevm_variant for allocating/registering thepower_supplyhandle, means that thepower_supplyhandle will be deallocated/unregistered before the interrupt handler (sincedevm_naturally deallocates in reverse allocation order). This means that during removal, there is a race condition where an interrupt can fire just after thepower_supplyhandle has been freed, but just before the corresponding unregistration of the IRQ handler has run.This will lead to the IRQ handler calling
power_supply_changed()with a freedpower_supplyhandle. Which usually crashes the system or otherwise silently corrupts the memory...Note that there is a similar situation which can also happen during
probe(); the possibility of an interrupt firing before registering thepower_supplyhandle. This would then lead to the nasty situation of using thepower_supplyhandle uninitialized inpower_supply_changed().Fix this racy use-after-free by making sure the IRQ is requested after the registration of the
power_supplyhandle. - Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46270.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/2178dc65d45e2f7bcaa8af8d80d100419bdab251
- https://git.kernel.org/stable/c/62d753b916bd500bb269b7078cdab73198ab4718
- https://git.kernel.org/stable/c/64e15155095f39f4dec9b4659da1238ef8fc54d4
- https://git.kernel.org/stable/c/721449a15170fc5f028a7576d7f65b9f60d53482
- https://git.kernel.org/stable/c/a39f8f06216f73ef40e71e2fe4ad071964c1fd36
- https://git.kernel.org/stable/c/af261f218a7606f93d2c786353d60bb4feb56ef0
- https://git.kernel.org/stable/c/d4e2e3c3caa26b93aa9f36d0a6824b584e2a8dfc
- https://git.kernel.org/stable/c/e2febe375e5ea5afed92f4cd9711bde8f24ee6d2
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46270.json
- https://nvd.nist.gov/vuln/detail/CVE-2026-46270
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducede86d69dd786e94046b8f5be7df1b9a8226a40b2aFixedd4e2e3c3caa26b93aa9f36d0a6824b584e2a8dfcFixed62d753b916bd500bb269b7078cdab73198ab4718Fixeda39f8f06216f73ef40e71e2fe4ad071964c1fd36Fixedaf261f218a7606f93d2c786353d60bb4feb56ef0Fixed2178dc65d45e2f7bcaa8af8d80d100419bdab251Fixed64e15155095f39f4dec9b4659da1238ef8fc54d4Fixed721449a15170fc5f028a7576d7f65b9f60d53482Fixede2febe375e5ea5afed92f4cd9711bde8f24ee6d2
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced4.2.0Fixed5.10.252
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.202
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.165
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.128
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.75
- Type
- ECOSYSTEM
- Events
-
Introduced6.13.0Fixed6.18.14
- Type
- ECOSYSTEM
- Events
-
Introduced6.19.0Fixed6.19.4