CVE-2026-45916 Linux CVE debrief

Who should care

Organizations running Linux systems with SBS (Smart Battery System) battery hardware, embedded Linux device manufacturers, kernel maintainers, and security teams tracking Linux kernel vulnerabilities affecting power management subsystems.

Technical summary

The sbs-battery driver in the Linux kernel power supply subsystem contains a use-after-free vulnerability due to incorrect devm_ resource allocation ordering. The driver used devm_request_irq() before devm_power_supply_register(), causing reverse-order deallocation during driver removal: power_supply is freed first, then IRQ is unregistered. This creates a race condition where a pending interrupt can execute the IRQ handler with a freed power_supply pointer, calling power_supply_changed() on invalid memory. During probe, a similar race allows interrupts before power_supply registration, causing uninitialized pointer use. The fix moves IRQ request after power_supply registration while preserving warning-only error handling for IRQ failures.

Defensive priority

high

Recommended defensive actions

• Apply kernel updates containing the fix commits once available from your Linux distribution
• Monitor stable kernel releases for backported fixes to currently supported versions
• Review systems using SBS (Smart Battery System) battery hardware for exposure
• Consider disabling SBS battery support if not required and patches are unavailable
• Monitor NVD for CVSS scoring updates as analysis completes

Evidence notes

Vulnerability description and fix details sourced from official CVE record and NVD. Multiple stable kernel commits provided indicating backports to various kernel versions. No CVSS score or severity assigned by NVD at time of disclosure; status marked as 'Awaiting Analysis'.

Official resources