CVE-2026-53308
Received - Intake
Use-After-Free in Linux Kernel Power Supply Subsystem

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

power: supply: max77705: Free allocated workqueue and fix removal order

Use devm interface for allocating workqueue to fix two bugs at the same time:

1. Driver leaks the memory on remove(), because the workqueue is not destroyed.
2. Driver allocates workqueue and then registers interrupt handlers with devm interface. This means that probe error paths will not use a reversed order, but first destroy the workqueue and then, via devm release handlers, free the interrupt. The interrupt handler schedules work on this exact workqueue, thus if interrupt is hit in this short time window - after destroying workqueue, but before devm() frees the interrupt - the scheduled work will lead to use of freed memory.

Change is not equivalent in the workqueue itself: use non-legacy API which does not set (__WQ_LEGACY | WQ_MEM_RECLAIM). The workqueue is used to update power supply (power_supply_changed()) status, thus there is no point to run it for memory reclaim.

Note that dev_name() is not directly used in second argument to prevent possible unlikely parsing any "%" character in device name as format.

Meta Information
Published: 2026-06-26
Last Modified: 2026-06-26
Generated: 2026-06-27
AI Q&A: 2026-06-26
EPSS Evaluated: N/A

Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
linux_kernel | linux_kernel | *

CWE ID Description
CWE-UNKNOWN
Executive Summary

This vulnerability exists in the Linux kernel's power supply driver for the max77705 device. It involves improper handling of a workqueue during driver removal and interrupt handling.

Specifically, the driver leaks memory on removal because the workqueue is never destroyed. Additionally, the driver allocates the workqueue first and then registers its interrupt handlers through the devm interface, so on probe error paths teardown does not run in reverse order: the workqueue is destroyed first, and only afterwards do the devm release handlers free the interrupt. Because the interrupt handler schedules work on that same workqueue, an interrupt arriving in this window leads to a use-after-free condition.

This means that scheduled work on the destroyed workqueue can access freed memory, causing potential instability or crashes.
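
The teardown-order problem described above, modelled in userspace C as an added example (it is not the max77705 driver's code or the kernel's devres implementation). The names `struct model`, `devm_add`, `fire_irq`, `release_wq` and `release_irq` are hypothetical stand-ins, and the model assumes an interrupt arrives after every teardown step.

```c
#include <stdbool.h>
#include <stddef.h>

/* Userspace model, not kernel code: devm release actions run in reverse
 * order of registration, as managed device resources do in the kernel. */
struct model { bool wq_alive, irq_live; int uaf_hits; };
typedef void (*release_fn)(struct model *);

static release_fn devres[4];
static size_t ndevres;

static void devm_add(release_fn fn) { devres[ndevres++] = fn; }

/* Simulated interrupt: the handler queues work on the workqueue. */
static void fire_irq(struct model *m)
{
    if (m->irq_live && !m->wq_alive)
        m->uaf_hits++;              /* work queued on a destroyed workqueue */
}

/* Each release step is followed by a simulated interrupt (assumption). */
static void release_wq(struct model *m)  { m->wq_alive = false; fire_irq(m); }
static void release_irq(struct model *m) { m->irq_live = false; fire_irq(m); }

static void devres_release_all(struct model *m)
{
    while (ndevres)
        devres[--ndevres](m);       /* last registered, first released */
}

/* Pre-fix pattern: manual workqueue, devm IRQ; error path kills wq first. */
int probe_fail_manual_wq(void)
{
    struct model m = { .wq_alive = true };     /* workqueue allocated by hand */
    m.irq_live = true; devm_add(release_irq);  /* IRQ requested via devm */
    release_wq(&m);                            /* explicit error-path cleanup */
    devres_release_all(&m);                    /* devm frees the IRQ too late */
    return m.uaf_hits;
}

/* Fixed pattern: workqueue is devm-managed and registered before the IRQ. */
int probe_fail_devm_wq(void)
{
    struct model m = { .wq_alive = true };
    devm_add(release_wq);                      /* devm-managed workqueue */
    m.irq_live = true; devm_add(release_irq);
    devres_release_all(&m);                    /* IRQ freed, then workqueue */
    return m.uaf_hits;
}
```
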

Impact Analysis

The vulnerability can lead to a memory leak when the affected driver is removed, and to a use-after-free condition in the Linux kernel power supply driver if an interrupt occurs during the vulnerable time window on a probe error path. This can cause system instability, crashes, or unpredictable behavior.

Such instability could affect device power management, potentially leading to power supply status updates failing or behaving incorrectly.

Mitigation Strategies

To mitigate this vulnerability, update the Linux kernel to a version where the fix has been applied. The fix involves using the devm interface for allocating the workqueue in the max77705 power supply driver to prevent memory leaks and use-after-free issues.

  • Apply the kernel patch that frees the allocated workqueue and fixes the removal order.
  • Ensure the driver uses the non-legacy workqueue API that does not set (__WQ_LEGACY | WQ_MEM_RECLAIM).
  • Avoid running the workqueue for memory reclaim as it is used to update power supply status.