In the Linux kernel, the following vulnerability has been resolved:
power: supply: axp288fuelgauge: Fix externalpowerchanged race
fuelgaugeexternalpowerchanged() dereferences info->bat, which gets sets in axp288fuelgauge_probe() like this:
info->bat = devmpowersupplyregister(dev, &fuelgaugedesc, &psycfg);
As soon as devmpowersupplyregister() has called deviceadd() the externalpowerchanged callback can get called. So there is a window where fuelgaugeexternalpowerchanged() may get called while info->bat has not been set yet leading to a NULL pointer dereference.
Fixing this is easy. The externalpowerchanged callback gets passed the powersupply which will eventually get stored in info->bat, so fuelgaugeexternalpower_changed() can simply directly use the passed in psy argument which is always valid.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53310.json",
"cna_assigner": "Linux"
}