-

CVE-2023-53310

In the Linux kernel, the following vulnerability has been resolved:

power: supply: axp288_fuel_gauge: Fix external_power_changed race

fuel_gauge_external_power_changed() dereferences info->bat,
which gets sets in axp288_fuel_gauge_probe() like this:

  info->bat = devm_power_supply_register(dev, &fuel_gauge_desc, &psy_cfg);

As soon as devm_power_supply_register() has called device_add()
the external_power_changed callback can get called. So there is a window
where fuel_gauge_external_power_changed() may get called while
info->bat has not been set yet leading to a NULL pointer dereference.

Fixing this is easy. The external_power_changed callback gets passed
the power_supply which will eventually get stored in info->bat,
so fuel_gauge_external_power_changed() can simply directly use
the passed in psy argument which is always valid.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version < 0456b912121e45b3ef54abe3135e5dcb541f956c
Version 30abb3d07929137bf72327560e1595508a692c4e
Status affected
Version < a636c6ba9ce898207f283271cb28511206ab739b
Version 30abb3d07929137bf72327560e1595508a692c4e
Status affected
Version < f8319774d6f1567d6e7d03653174ab0c82c5c66d
Version 30abb3d07929137bf72327560e1595508a692c4e
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 5.18
Status affected
Version < 5.18
Version 0
Status unaffected
Version <= 6.1.*
Version 6.1.31
Status unaffected
Version <= 6.3.*
Version 6.3.5
Status unaffected
Version <= *
Version 6.4
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.02% 0.043
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String