CVE-2026-45869 - Vulnerability Details

- power: supply: wm97xx: Fix NULL pointer dereference in power_supply_changed()

Description

In the Linux kernel, the following vulnerability has been resolved:

power: supply: wm97xx: Fix NULL pointer dereference in power_supply_changed()

In `probe()`, `request_irq()` is called before allocating/registering a
`power_supply` handle. If an interrupt is fired between the call to
`request_irq()` and `power_supply_register()`, the `power_supply` handle
will be used uninitialized in `power_supply_changed()` in
`wm97xx_bat_update()` (triggered from the interrupt handler). This will
lead to a `NULL` pointer dereference since

Fix this racy `NULL` pointer dereference by making sure the IRQ is
requested _after_ the registration of the `power_supply` handle. Since
the IRQ is the last thing requests in the `probe()` now, remove the
error path for freeing it. Instead add one for unregistering the
`power_supply` handle when IRQ request fails.

Published: 2026-05-27

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A race condition in the wm97xx power‑supply driver occurs when an interrupt is delivered between the request for the IRQ and the registration of the power_supply handle. The driver then dereferences a NULL pointer inside power_supply_changed(), causing a kernel panic. The weakness is a classic NULL pointer dereference combined with a race condition.

Affected Systems

All Linux kernel releases that include the unpatched wm97xx driver are affected. The vendor is Linux kernel. Accordingly, every kernel version prior to the patch that contains this driver is within scope until the update is applied.

Risk and Exploitability

The CVSS score is not supplied, and the EPSS score is reported as less than 1%, indicating a very low probability of exploitation. The vulnerability is not listed in CISA’s KEV catalog. Based on the description, it is inferred that exploitation requires an interrupt to be generated between the request_irq() and power_supply_register() calls, which typically demands physical proximity or privileged access to trigger a hardware event. Because of this prerequisite, widespread exploitation is unlikely; however, any successful trigger results in a kernel crash that denies all services.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`7c87942aef52d2120e95ff1dec739998b9f95a78`	affected	< 3d7b5391bb95505b3581c1fb77150c467ab92864
`7c87942aef52d2120e95ff1dec739998b9f95a78`	affected	< 438f9a303ea8b55162b2d5376490c2ab3ec165a0
`7c87942aef52d2120e95ff1dec739998b9f95a78`	affected	< 9b7d77cb046b4487e8e511e04e62b6f416ce845c
`7c87942aef52d2120e95ff1dec739998b9f95a78`	affected	< 86183153c299e8bb1839e717286d6c6f39508a59
`7c87942aef52d2120e95ff1dec739998b9f95a78`	affected	< 93bdf715d33cf5ee01c58e8546c2469c71ce082a
`7c87942aef52d2120e95ff1dec739998b9f95a78`	affected	< c0def811ad8d642dca9b6d31a198cc39f5f90837
`7c87942aef52d2120e95ff1dec739998b9f95a78`	affected	< dfaf235d5a6b60cbf115a14a656946303ad007b7
`7c87942aef52d2120e95ff1dec739998b9f95a78`	affected	< 39fe0eac6d755ef215026518985fcf8de9360e9e

Linux

affected

Version	Status	Constraints
`2.6.32`	affected	—
`0`	unaffected	< 2.6.32
`5.10.252`	unaffected	≤ 5.10.*
`5.15.202`	unaffected	≤ 5.15.*
`6.1.165`	unaffected	≤ 6.1.*
`6.6.128`	unaffected	≤ 6.6.*
`6.12.75`	unaffected	≤ 6.12.*
`6.18.14`	unaffected	≤ 6.18.*
`6.19.4`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[7c87942aef52d2120e95ff1dec739998b9f95a78,3d7b5391bb95505b3581c1fb77150c467ab92864)`	affected	code_commit	—
`[7c87942aef52d2120e95ff1dec739998b9f95a78,438f9a303ea8b55162b2d5376490c2ab3ec165a0)`	affected	code_commit	—
`[7c87942aef52d2120e95ff1dec739998b9f95a78,9b7d77cb046b4487e8e511e04e62b6f416ce845c)`	affected	code_commit	—
`[7c87942aef52d2120e95ff1dec739998b9f95a78,86183153c299e8bb1839e717286d6c6f39508a59)`	affected	code_commit	—
`[7c87942aef52d2120e95ff1dec739998b9f95a78,93bdf715d33cf5ee01c58e8546c2469c71ce082a)`	affected	code_commit	—
`[7c87942aef52d2120e95ff1dec739998b9f95a78,c0def811ad8d642dca9b6d31a198cc39f5f90837)`	affected	code_commit	—
`[7c87942aef52d2120e95ff1dec739998b9f95a78,dfaf235d5a6b60cbf115a14a656946303ad007b7)`	affected	code_commit	—
`[7c87942aef52d2120e95ff1dec739998b9f95a78,39fe0eac6d755ef215026518985fcf8de9360e9e)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`2.6.32`	affected	semver	—
`[0,2.6.32)`	unaffected	semver	—
`[5.10.252,5.11.0)`	unaffected	semver	—
`[5.15.202,5.16.0)`	unaffected	semver	—
`[6.1.165,6.2.0)`	unaffected	semver	—
`[6.6.128,6.7.0)`	unaffected	semver	—
`[6.12.75,6.13.0)`	unaffected	semver	—
`[6.18.14,6.19.0)`	unaffected	semver	—
`[6.19.4,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the Linux kernel to a release that includes the patch for the wm97xx driver.
If a kernel update is not possible, unload or disable the wm97xx power‑supply driver to eliminate the race condition.
Continuously monitor system logs for kernel oops messages or power‑supply‑related errors that could indicate an attempted trigger.

Generated by OpenCVE AI on May 28, 2026 at 16:08 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4606-1	linux security update

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00024.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/39fe0eac6d755ef215026518985fcf8de9360e9e
https://git.kernel.org/stable/c/3d7b5391bb95505b3581c1fb77150c467ab92864
https://git.kernel.org/stable/c/438f9a303ea8b55162b2d5376490c2ab3ec165a0
https://git.kernel.org/stable/c/86183153c299e8bb1839e717286d6c6f39508a59
https://git.kernel.org/stable/c/93bdf715d33cf5ee01c58e8546c2469c71ce082a
https://git.kernel.org/stable/c/9b7d77cb046b4487e8e511e04e62b6f416ce845c
https://git.kernel.org/stable/c/c0def811ad8d642dca9b6d31a198cc39f5f90837
https://git.kernel.org/stable/c/dfaf235d5a6b60cbf115a14a656946303ad007b7
https://lore.kernel.org/linux-cve-announce/2026052712-CVE-2026-45869-9867@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-45869
https://www.cve.org/CVERecord?id=CVE-2026-45869

History

Thu, 28 May 2026 14:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-409 CWE-476

Thu, 28 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-824
References		https://lore.kernel.org/linux-cve-announce/2026052712-CVE-2026-45869-9867@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-45869 https://www.cve.org/CVERecord?id=CVE-2026-45869

Wed, 27 May 2026 21:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-409 CWE-476

Wed, 27 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: power: supply: wm97xx: Fix NULL pointer dereference in power_supply_changed() In `probe()`, `request_irq()` is called before allocating/registering a `power_supply` handle. If an interrupt is fired between the call to `request_irq()` and `power_supply_register()`, the `power_supply` handle will be used uninitialized in `power_supply_changed()` in `wm97xx_bat_update()` (triggered from the interrupt handler). This will lead to a `NULL` pointer dereference since Fix this racy `NULL` pointer dereference by making sure the IRQ is requested _after_ the registration of the `power_supply` handle. Since the IRQ is the last thing requests in the `probe()` now, remove the error path for freeing it. Instead add one for unregistering the `power_supply` handle when IRQ request fails.
Title		power: supply: wm97xx: Fix NULL pointer dereference in power_supply_changed()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/39fe0eac6d755ef215026518985fcf8de9360e9e https://git.kernel.org/stable/c/3d7b5391bb95505b3581c1fb77150c467ab92864 https://git.kernel.org/stable/c/438f9a303ea8b55162b2d5376490c2ab3ec165a0 https://git.kernel.org/stable/c/86183153c299e8bb1839e717286d6c6f39508a59 https://git.kernel.org/stable/c/93bdf715d33cf5ee01c58e8546c2469c71ce082a https://git.kernel.org/stable/c/9b7d77cb046b4487e8e511e04e62b6f416ce845c https://git.kernel.org/stable/c/c0def811ad8d642dca9b6d31a198cc39f5f90837 https://git.kernel.org/stable/c/dfaf235d5a6b60cbf115a14a656946303ad007b7

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-27T12:15:49.107Z

Updated: 2026-05-27T12:15:49.107Z

Reserved: 2026-05-13T15:03:33.080Z

Link: CVE-2026-45869

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:00.290

Modified: 2026-05-27T14:48:31.480

Link: CVE-2026-45869

Redhat

Severity :

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-45869 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-28T16:15:04Z

Weaknesses

CWE-824

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object