CVE-2026-46246
Description
In the Linux kernel, the following vulnerability has been resolved:
power: supply: pm8916_lbc: Fix use-after-free for extcon in IRQ handler
Using the devm_ variant for requesting IRQ _before_ the devm_ variant for allocating/registering the extcon handle, means that the extcon handle will be deallocated/unregistered _before_ the interrupt handler (since devm_ naturally deallocates in reverse allocation order). This means that during removal, there is a race condition where an interrupt can fire just _after_ the extcon handle has been freed, *but* just _before_ the corresponding unregistration of the IRQ handler has run.
This will lead to the IRQ handler calling extcon_set_state_sync() with a freed extcon handle. Which usually crashes the system or otherwise silently corrupts the memory...
Fix this racy use-after-free by making sure the IRQ is requested _after_ the registration of the extcon handle.
Affected products
3Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.