PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-45882 Linux CVE debrief

A use-after-free vulnerability in the Linux kernel's Qualcomm PM8916 Battery Management System (BMS) driver could allow system crashes or memory corruption. The flaw stems from incorrect devm_ resource ordering where the IRQ handler could execute with a freed or uninitialized power_supply handle during driver probe or removal.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

Linux kernel maintainers, embedded/IoT device manufacturers using Qualcomm PM8916 PMIC, Android device vendors, distribution security teams

Technical summary

The pm8916_bms_vm driver called devm_request_irq() before devm_power_supply_register(). Because devm resources are released in reverse order of acquisition, driver removal freed the power_supply handle before the IRQ handler was unregistered. An interrupt firing in that window led to a use-after-free in power_supply_changed(). A similar race existed during probe(), where an interrupt could fire before power_supply registration completed. The fix reorders resource allocation so that the power_supply is registered before the IRQ is requested.

Defensive priority

high

Recommended defensive actions

  • Apply kernel patches from stable branches (5.15.y, 5.10.y, 5.4.y, 4.19.y) via distribution security updates
  • Verify pm8916_bms_vm driver is not loaded on affected systems if patching is delayed
  • Monitor system logs for kernel oops/panic traces referencing power_supply_changed or pm8916_bms_vm
  • Review custom kernel builds for devm_ resource ordering in power supply drivers
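
One way to carry out the last review step, as an added example that is not PatchSiren's or the kernel project's code: a heuristic Python scan that flags functions where a devm IRQ request appears before devm_power_supply_register(). The SAMPLE source, its demo_* names and the column-0 function-boundary heuristic are assumptions made for illustration; block comments are not parsed.

```python
import re
import sys

# devm-managed calls whose relative order matters (devm releases in reverse order).
IRQ = re.compile(r"\bdevm_request_(?:threaded_|any_context_)?irq\s*\(")
PSY = re.compile(r"\bdevm_power_supply_register(?:_no_ws)?\s*\(")
# Heuristic (kernel coding style): definitions start in column 0, bodies end at "}" in column 0.
FUNC = re.compile(r"^(?=[A-Za-z_]).*?\b(\w+)\s*\(")

def find_misordered(source):
    """Return (function, irq_line, psy_line) where the IRQ is requested first."""
    findings, func, irq, psy = [], None, None, None
    for no, line in enumerate(source.splitlines(), 1):
        if func is None:
            m = FUNC.match(line)
            if m and not line.rstrip().endswith(";"):
                func, irq, psy = m.group(1), None, None
        elif line.startswith("}"):
            if irq and psy and irq < psy:
                findings.append((func, irq, psy))
            func = None
        else:
            code = line.split("//")[0]  # ignore trailing line comments
            if irq is None and IRQ.search(code):
                irq = no
            if psy is None and PSY.search(code):
                psy = no
    return findings

# Constructed sample, not the real driver source: old ordering, then fixed ordering.
SAMPLE = """\
static int demo_probe_old(struct platform_device *pdev)
{
    ret = devm_request_threaded_irq(dev, irq, NULL, demo_irq, flags, "demo", bat);
    bat->battery = devm_power_supply_register(dev, &demo_desc, &cfg);
}
static int demo_probe_fixed(struct platform_device *pdev)
{
    bat->battery = devm_power_supply_register(dev, &demo_desc, &cfg);
    ret = devm_request_threaded_irq(dev, irq, NULL, demo_irq, flags, "demo", bat);
}
"""

if __name__ == "__main__":
    sources = {p: open(p, errors="replace").read() for p in sys.argv[1:]} or {"SAMPLE": SAMPLE}
    for name, text in sources.items():
        for func, irq, psy in find_misordered(text):
            print(f"{name}: {func}: IRQ requested at line {irq}, power_supply registered at line {psy}")
```

Pass driver source files as arguments (for example the files under a tree's power supply driver directory); each hit is a candidate for manual review, not a confirmed bug.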

Evidence notes

Official CVE record published 2026-05-27. Kernel commit references confirm fix backported to stable branches. No CVSS score assigned by NVD at time of disclosure.

Official resources

2026-05-27