PatchSiren


CVE-2026-45885 Linux CVE debrief

A use-after-free vulnerability exists in the Linux kernel's CPCAP battery driver (cpcap-battery). The issue stems from incorrect ordering of devm-managed resource allocations: the IRQ is requested via devm_request_irq() before the power_supply handle is registered via devm_power_supply_register(). Because devm-managed resources are deallocated in reverse order of allocation, during driver removal the power_supply handle is freed before the IRQ is unregistered. This creates a race window where an interrupt can fire after the power_supply handle has been freed but before the IRQ handler is unregistered, causing the IRQ handler to call power_supply_changed() with a freed pointer. A similar race exists during probe() where an interrupt could fire before the power_supply handle is fully initialized. The fix reorders the code to request the IRQ after power_supply registration, ensuring proper cleanup ordering and eliminating the race condition.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

Linux kernel maintainers, embedded device manufacturers using Motorola CPCAP PMICs, mobile/IoT security teams, and organizations running custom kernel builds on ARM devices with CPCAP battery hardware.

Technical summary

The cpcap-battery driver uses devm_request_irq() before devm_power_supply_register(), causing the power_supply handle to be freed before IRQ unregistration during driver removal. This creates a race where power_supply_changed() may be called with a freed pointer. The fix reorders operations to register power_supply before requesting the IRQ.
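The ordering problem described above can be seen in a small user-space model. This is an added example, not the kernel driver's code or the upstream patch: struct model, set_state() and unsafe_windows() are hypothetical names, and the only behaviour assumed is the one the debrief states, that devm-managed resources are released in reverse order of allocation.

```c
#include <stdio.h>

/* User-space model only: devm-managed resources are released in
 * reverse order of allocation (LIFO), as the debrief describes. */
enum res { RES_IRQ, RES_PSY };

struct model {
    enum res stack[2];  /* allocation order, newest last */
    int n;
    int irq_live;       /* IRQ handler can still run */
    int psy_valid;      /* power_supply handle is usable */
};

static void set_state(struct model *m, enum res r, int on)
{
    if (r == RES_IRQ)
        m->irq_live = on;
    else
        m->psy_valid = on;
}

/* Count the steps at which an interrupt could reach power_supply_changed()
 * with a handle that is not yet registered or already freed. */
static int unsafe_windows(const enum res order[2])
{
    struct model m = {0};
    int windows = 0;

    for (int i = 0; i < 2; i++) {           /* probe(): allocate in order */
        m.stack[m.n++] = order[i];
        set_state(&m, order[i], 1);
        windows += m.irq_live && !m.psy_valid;
    }
    while (m.n > 0) {                       /* remove(): release LIFO */
        set_state(&m, m.stack[--m.n], 0);
        windows += m.irq_live && !m.psy_valid;
    }
    return windows;
}

static const enum res irq_first[2] = { RES_IRQ, RES_PSY };  /* vulnerable order */
static const enum res psy_first[2] = { RES_PSY, RES_IRQ };  /* fixed order */

int main(void)
{
    printf("IRQ first: %d unsafe window(s)\n", unsafe_windows(irq_first));
    printf("power_supply first: %d unsafe window(s)\n", unsafe_windows(psy_first));
    return 0;
}
```

The IRQ-first order yields two unsafe steps (one in probe, one in removal), matching the two races the description names; the power_supply-first order yields none.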

Defensive priority

High

Recommended defensive actions

  • Apply kernel patches from stable branches once available for your distribution
  • Verify that the cpcap-battery driver is not loaded on critical systems if patching is delayed
  • Monitor system logs for kernel crashes or memory corruption indicators on affected devices
  • Review custom kernel builds for similar devm resource ordering issues in power supply drivers

Evidence notes

The vulnerability description confirms a use-after-free in power_supply_changed() due to devm resource ordering. The multiple stable kernel commits provided indicate backports to affected versions. NVD had assigned no CVSS score or severity at the time of disclosure.

Official resources

2026-05-27