CVE-2026-45869 Linux CVE debrief

Who should care

Organizations running Linux systems with WM97xx touchscreen/battery controller hardware, embedded Linux device manufacturers, and kernel maintainers responsible for stable branch backports

Technical summary

The WM97xx battery driver in the Linux kernel contained a race condition in its probe() function. The driver called request_irq() to register an interrupt handler before calling power_supply_register() to allocate and register the power supply structure. If a battery interrupt fired during this window, the interrupt handler's call chain through wm97xx_bat_update() to power_supply_changed() would dereference the uninitialized power supply pointer, causing a NULL pointer dereference and kernel crash. The resolution moves the IRQ request to after power supply registration and adjusts error handling to unregister the power supply if IRQ request fails, rather than freeing an IRQ that was never requested.

Defensive priority

medium

Recommended defensive actions

• Apply kernel updates containing the referenced stable branch commits when available from your Linux distribution
• Verify WM97xx driver is not in use on critical systems if immediate patching is not possible
• Monitor kernel logs for NULL pointer dereference traces in power_supply_changed() as potential exploitation indicators
• Review custom kernel builds for backport of commits to affected stable branches

Evidence notes

The vulnerability description indicates this is a resolved kernel issue affecting the WM97xx power supply driver. Multiple stable kernel branch commits are referenced, suggesting backports to various supported kernel versions. The fix involves reordering probe() initialization sequence and adjusting error handling paths accordingly.

Official resources