CVE-2026-45869
Awaiting Analysis Awaiting Analysis - Queue
NULL pointer dereference in Linux kernel power supply wm97xx driver

Publication date: 2026-05-27

Last updated on: 2026-05-27

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: power: supply: wm97xx: Fix NULL pointer dereference in power_supply_changed() In `probe()`, `request_irq()` is called before allocating/registering a `power_supply` handle. If an interrupt is fired between the call to `request_irq()` and `power_supply_register()`, the `power_supply` handle will be used uninitialized in `power_supply_changed()` in `wm97xx_bat_update()` (triggered from the interrupt handler). This will lead to a `NULL` pointer dereference since Fix this racy `NULL` pointer dereference by making sure the IRQ is requested _after_ the registration of the `power_supply` handle. Since the IRQ is the last thing requests in the `probe()` now, remove the error path for freeing it. Instead add one for unregistering the `power_supply` handle when IRQ request fails.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-05-27
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-45869
EUVD
EUVD-2026-32335
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in the Linux kernel's power supply driver for wm97xx devices. During the initialization process in the probe() function, an interrupt request (IRQ) is registered before the power_supply handle is allocated and registered. If an interrupt occurs between these two steps, the interrupt handler calls a function that uses the uninitialized power_supply handle, leading to a NULL pointer dereference and potential kernel crash or instability.

The fix involves changing the order of operations so that the power_supply handle is registered before requesting the IRQ, preventing the interrupt handler from accessing an uninitialized pointer.

Impact Analysis

This vulnerability can cause a NULL pointer dereference in the Linux kernel, which may lead to a kernel crash or system instability. Such crashes can result in denial of service, unexpected reboots, or loss of data if the system becomes unresponsive or unstable due to the kernel fault.

Mitigation Strategies

To mitigate this vulnerability, ensure that your Linux kernel is updated to a version where the fix has been applied. The fix involves changing the order of operations in the wm97xx power supply driver so that the IRQ is requested only after the power_supply handle is registered, preventing a NULL pointer dereference.

Specifically, update your kernel to include the patch that requests the IRQ after registering the power_supply handle in the probe() function of the wm97xx driver.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45869. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart