power: supply: rt9455: Fix use-after-free in power_supply_changed()_CVE-2026-46270

{
    "lastseen": "",
    "description": "In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: rt9455: Fix use-after-free in power_supply_changed()\n\nUsing the `devm_` variant for requesting IRQ _before_ the `devm_`\nvariant for allocating/registering the `power_supply` handle, means that\nthe `power_supply` handle will be deallocated/unregistered _before_ the\ninterrupt handler (since `devm_` naturally deallocates in reverse\nallocation order). This means that during removal, there is a race\ncondition where an interrupt can fire just _after_ the `power_supply`\nhandle has been freed, *but* just _before_ the corresponding\nunregistration of the IRQ handler has run.\n\nThis will lead to the IRQ handler calling `power_supply_changed()` with\na freed `power_supply` handle. Which usually crashes the system or\notherwise silently corrupts the memory...\n\nNote that there is a similar situation which can also happen during\n`probe()`; the possibility of an interrupt firing _before_ registering\nthe `power_supply` handle. This would then lead to the nasty situation\nof using the `power_supply` handle *uninitialized* in\n`power_supply_changed()`.\n\nFix this racy use-after-free by making sure the IRQ is requested _after_\nthe registration of the `power_supply` handle.",
    "published": "2026-06-03T15:50:12.537Z",
    "modified": "2026-06-05T06:06:42.204Z",
    "type": "cve",
    "title": "power: supply: rt9455: Fix use-after-free in power_supply_changed()",
    "source": "Linux",
    "references": "https://git.kernel.org/stable/c/d4e2e3c3caa26b93aa9f36d0a6824b584e2a8dfc\nhttps://git.kernel.org/stable/c/62d753b916bd500bb269b7078cdab73198ab4718\nhttps://git.kernel.org/stable/c/a39f8f06216f73ef40e71e2fe4ad071964c1fd36\nhttps://git.kernel.org/stable/c/af261f218a7606f93d2c786353d60bb4feb56ef0\nhttps://git.kernel.org/stable/c/2178dc65d45e2f7bcaa8af8d80d100419bdab251\nhttps://git.kernel.org/stable/c/64e15155095f39f4dec9b4659da1238ef8fc54d4\nhttps://git.kernel.org/stable/c/721449a15170fc5f028a7576d7f65b9f60d53482\nhttps://git.kernel.org/stable/c/e2febe375e5ea5afed92f4cd9711bde8f24ee6d2",
    "id": "CVE-2026-46270",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Linux Linux e86d69dd786e94046b8f5be7df1b9a8226a40b2a\nLinux Linux e86d69dd786e94046b8f5be7df1b9a8226a40b2a\nLinux Linux e86d69dd786e94046b8f5be7df1b9a8226a40b2a\nLinux Linux e86d69dd786e94046b8f5be7df1b9a8226a40b2a\nLinux Linux e86d69dd786e94046b8f5be7df1b9a8226a40b2a\nLinux Linux e86d69dd786e94046b8f5be7df1b9a8226a40b2a\nLinux Linux e86d69dd786e94046b8f5be7df1b9a8226a40b2a\nLinux Linux e86d69dd786e94046b8f5be7df1b9a8226a40b2a\nLinux Linux 4.2",
    "sourceHref": "",
    "cvss": {
        "score": 8.4,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Linux",
    "version": "e86d69dd786e94046b8f5be7df1b9a8226a40b2a",
    "vendor": "Linux",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}