CVE-2023-53166

MEDIUM EPSS 1.2%
Published Sep 15, 20259mo ago · Modified Jun 17, 20261w ago
4.7 CVSS 3.1
Medium
Find Similar
Published Sep 15, 2025 9mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: power: supply: bq25890: Fix external_power_changed race bq25890_charger_external_power_changed() dereferences bq->charger, which gets sets in bq25890_power_supply_init() like this: bq->charger = devm_power_supply_register(bq->dev, &bq->desc, &psy_cfg); As soon as devm_power_supply_register() has called device_add() the external_power_changed callback can get called. So there is a window where bq25890_charger_external_power_changed() may get called while bq->charger has not been set yet leading to a NULL pointer dereference. This race hits during boot sometimes on a Lenovo Yoga Book 1 yb1-x90f when the cht_wcove_pwrsrc (extcon) power_supply is done with detecting the connected charger-type which happens to exactly hit the small window: BUG: kernel NULL pointer dereference, address: 0000000000000018 <snip> RIP: 0010:__power_supply_is_supplied_by+0xb/0xb0 <snip> Call Trace: <TASK> __power_supply_get_supplier_property+0x19/0x50 class_for_each_device+0xb1/0xe0 power_supply_get_property_from_supplier+0x2e/0x50 bq25890_charger_external_power_changed+0x38/0x1b0 [bq25890_charger] __power_supply_changed_work+0x30/0x40 class_for_each_device+0xb1/0xe0 power_supply_changed_work+0x5f/0xe0 <snip> Fixing this is easy. The external_power_changed callback gets passed the power_supply which will eventually get stored in bq->charger, so bq25890_charger_external_power_changed() can simply directly use the passed in psy argument which is always valid.

CVSS Details

Base Score
4.7
Exploitability
1.0
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
1.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-362

Affected Products 5

VendorProductVersionRange
linuxlinux_kernel*≥5.18  –  <6.1.31
linuxlinux_kernel*≥6.2  –  <6.3.5
linuxlinux_kernel6.4any
linuxlinux_kernel6.4any
linuxlinux_kernel6.4any

References 3

  • git.kernel.org https://git.kernel.org/stable/c/029a443b9b6424170f00f6dd5b7682e682cce92e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/72c28207c19c2c46fab8ae994aff25e197fb2949
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9d20fa1982c35697f3f8c4ae0f12791691ae5958
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/029a443b9b6424170f00f6dd5b7682e682cce92e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/72c28207c19c2c46fab8ae994aff25e197fb2949
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9d20fa1982c35697f3f8c4ae0f12791691ae5958
    Patch