Race Condition in AXP288 Fuel Gauge of Linux Kernel
CVE-2023-53310
What is CVE-2023-53310?
A race condition in the AXP288 fuel gauge implementation of the Linux kernel could lead to a NULL pointer dereference. The vulnerability arises when the 'external_power_changed' callback accesses the battery information (info->bat) before it has been properly initialized. This occurs because the callback may trigger before the battery information is set during the registration process. A straightforward patch resolves this by ensuring that the callback uses the power supply argument directly, which is guaranteed to be valid, thereby eliminating the race condition and potential for dereferencing a NULL pointer.
Affected Version(s)
Linux 30abb3d07929137bf72327560e1595508a692c4e < 0456b912121e45b3ef54abe3135e5dcb541f956c
Linux 30abb3d07929137bf72327560e1595508a692c4e
Linux 30abb3d07929137bf72327560e1595508a692c4e