Skip to main content

Linux Kernel CVE-2026-45869

| EUVDEUVD-2026-32335 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-7c8r-gw7p-h2xw
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
4.7 MEDIUM

Local vector confirmed; AC raised to H because reliable exploitation requires precise interrupt timing during a narrow probe window, not a simple repeatable trigger.

3.1 AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
4.7 MEDIUM
AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 25, 2026 - 21:13 vuln.today
CVSS changed
Jun 25, 2026 - 21:07 NVD
5.5 (MEDIUM)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:17 nvd
UNKNOWN (no severity yet)
CVE Published
May 27, 2026 - 14:17 nvd
MEDIUM 5.5

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

power: supply: wm97xx: Fix NULL pointer dereference in power_supply_changed()

In probe(), request_irq() is called before allocating/registering a power_supply handle. If an interrupt is fired between the call to request_irq() and power_supply_register(), the power_supply handle will be used uninitialized in power_supply_changed() in wm97xx_bat_update() (triggered from the interrupt handler). This will lead to a NULL pointer dereference since

Fix this racy NULL pointer dereference by making sure the IRQ is requested _after_ the registration of the power_supply handle. Since the IRQ is the last thing requests in the probe() now, remove the error path for freeing it. Instead add one for unregistering the power_supply handle when IRQ request fails.

AnalysisAI

NULL pointer dereference in the Linux kernel's wm97xx battery power supply driver crashes the kernel when a hardware interrupt fires during a narrow initialization race window. Systems running Linux kernel versions from 2.6.32 through various stable branches (pre-patch releases in 5.10, 5.15, 6.1, 6.6, 6.12, 6.18, 6.19, and 7.0 series) with wm97xx-equipped hardware are affected. A local attacker - or natural hardware interrupt timing - can trigger a kernel panic (denial of service) during driver probe; no public exploit has been identified and EPSS sits at the 7th percentile, reflecting the narrow hardware footprint.

Technical ContextAI

The wm97xx is a Wolfson Microelectronics combined touchscreen controller and battery management IC used predominantly in older ARM-based embedded platforms (smartphones, PDAs, industrial boards). The Linux kernel driver at drivers/power/supply/wm97xx_battery.c implements a probe() routine that calls request_irq() to register an interrupt handler before completing power_supply_register(). The interrupt handler invokes wm97xx_bat_update(), which calls power_supply_changed() using the power_supply handle that has not yet been initialized. CWE-476 (NULL Pointer Dereference) applies: the pointer is allocated and valid only after power_supply_register() returns, but the interrupt handler can fire against the NULL/uninitialized pointer in the race window between the two calls. The fix reorders initialization - IRQ registration is deferred until after power_supply_register() completes - eliminating the race. CPE data confirms all affected products are cpe:2.3:o:linux:linux_kernel across multiple stable branches.

RemediationAI

The primary fix is upgrading the Linux kernel to a patched stable release: 5.10.252, 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.14, 6.19.4, or 7.0 (or later). Upstream commits are available at https://git.kernel.org/stable/c/9b7d77cb046b4487e8e511e04e62b6f416ce845c (6.1 branch), https://git.kernel.org/stable/c/c0def811ad8d642dca9b6d31a198cc39f5f90837 (6.6 branch), https://git.kernel.org/stable/c/438f9a303ea8b55162b2d5376490c2ab3ec165a0, https://git.kernel.org/stable/c/39fe0eac6d755ef215026518985fcf8de9360e9e, and others linked in the NVD entry. For platforms where a kernel update is not immediately feasible, the wm97xx_battery kernel module can be blacklisted (add 'blacklist wm97xx-battery' to /etc/modprobe.d/blacklist.conf) to prevent the driver from loading, at the cost of battery monitoring functionality. This workaround is appropriate only when battery/power-supply monitoring is not operationally required.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Not-Affected

Share

CVE-2026-45869 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy