{"id":"CVE-2026-45869","summary":"power: supply: wm97xx: Fix NULL pointer dereference in power_supply_changed()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: wm97xx: Fix NULL pointer dereference in power_supply_changed()\n\nIn `probe()`, `request_irq()` is called before allocating/registering a\n`power_supply` handle. If an interrupt is fired between the call to\n`request_irq()` and `power_supply_register()`, the `power_supply` handle\nwill be used uninitialized in `power_supply_changed()` in\n`wm97xx_bat_update()` (triggered from the interrupt handler). This will\nlead to a `NULL` pointer dereference since\n\nFix this racy `NULL` pointer dereference by making sure the IRQ is\nrequested _after_ the registration of the `power_supply` handle. Since\nthe IRQ is the last thing requests in the `probe()` now, remove the\nerror path for freeing it. Instead add one for unregistering the\n`power_supply` handle when IRQ request fails.","modified":"2026-06-27T11:55:27.984984442Z","published":"2026-05-27T12:15:49.107Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45869.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/39fe0eac6d755ef215026518985fcf8de9360e9e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3d7b5391bb95505b3581c1fb77150c467ab92864"},{"type":"WEB","url":"https://git.kernel.org/stable/c/438f9a303ea8b55162b2d5376490c2ab3ec165a0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/86183153c299e8bb1839e717286d6c6f39508a59"},{"type":"WEB","url":"https://git.kernel.org/stable/c/93bdf715d33cf5ee01c58e8546c2469c71ce082a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9b7d77cb046b4487e8e511e04e62b6f416ce845c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c0def811ad8d642dca9b6d31a198cc39f5f90837"},{"type":"WEB","url":"https://git.kernel.org/stable/c/dfaf235d5a6b60cbf115a14a656946303ad007b7"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45869.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45869"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"7c87942aef52d2120e95ff1dec739998b9f95a78"},{"fixed":"3d7b5391bb95505b3581c1fb77150c467ab92864"},{"fixed":"438f9a303ea8b55162b2d5376490c2ab3ec165a0"},{"fixed":"9b7d77cb046b4487e8e511e04e62b6f416ce845c"},{"fixed":"86183153c299e8bb1839e717286d6c6f39508a59"},{"fixed":"93bdf715d33cf5ee01c58e8546c2469c71ce082a"},{"fixed":"c0def811ad8d642dca9b6d31a198cc39f5f90837"},{"fixed":"dfaf235d5a6b60cbf115a14a656946303ad007b7"},{"fixed":"39fe0eac6d755ef215026518985fcf8de9360e9e"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-45869.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.6.32"},{"fixed":"5.10.252"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.202"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.165"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.128"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.75"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.14"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"6.19.4"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-45869.json"}}],"schema_version":"1.7.5"}