Impact
A bug in the Linux kernel’s max77705 power supply driver allows the driver to free a workqueue before freeing its associated interrupt handlers, creating a short window where an interrupt can schedule work onto a freed workqueue. This results in a use‑after‑free condition that can crash the kernel or potentially be used to exploit privilege escalation, but this conclusion is inferred from the description. Additionally, the driver leaks memory on remove() because the workqueue is not destroyed. Both defects compromise kernel stability and integrity.
Affected Systems
The vulnerability affects Linux kernel implementations that include the max77705 power supply driver. All kernel versions containing this driver are potentially impacted, as no specific version range is listed.
Risk and Exploitability
The EPSS score is 0.00145 (< 1%), and the vulnerability is not listed in the CISA KEV catalog. Since the flaw resides in kernel space and involves driver resource cleanup, the likely attack vector is local privilege escalation or denial of service executed by a user or a compromised application that triggers the driver’s interrupt handling path. The potential for privilege escalation is inferred from the use‑after‑free condition, but this conclusion is not directly stated in the description. In the absence of public exploitation reports, the risk is considered significant but the likelihood of widespread exploitation remains uncertain.
OpenCVE Enrichment