HOMEVULNERABILITIESCVE-2026-45869
NONE

CVE-2026-45869

Published: May 27, 2026· Updated: May 27, 2026

Official Description

In the Linux kernel, the following vulnerability has been resolved:

power: supply: wm97xx: Fix NULL pointer dereference in power_supply_changed()

In `probe()`, `request_irq()` is called before allocating/registering a

`power_supply` handle. If an interrupt is fired between the call to

`request_irq()` and `power_supply_register()`, the `power_supply` handle

will be used uninitialized in `power_supply_changed()` in

`wm97xx_bat_update()` (triggered from the interrupt handler). This will

lead to a `NULL` pointer dereference since

Fix this racy `NULL` pointer dereference by making sure the IRQ is

requested _after_ the registration of the `power_supply` handle. Since

the IRQ is the last thing requests in the `probe()` now, remove the

error path for freeing it. Instead add one for unregistering the

`power_supply` handle when IRQ request fails.

NVD Source

Technical Analysis

CVE-2026-45869 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (8)

Quick Facts

CVE IDCVE-2026-45869
SeverityNONE
CISA KEVNo
PublishedMay 27, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-45869 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.