CVE-2026-23186

In the Linux kernel, the following vulnerability has been resolved:

hwmon: (acpipowermeter) Fix deadlocks related to acpipowermeter_notify()

The acpipowermeter driver's .notify() callback function, acpipowermeternotify(), calls hwmondevice_unregister() under a lock that is also acquired by callbacks in sysfs attributes of the device being unregistered which is prone to deadlocks between sysfs access and device removal.

Address this by moving the hwmon device removal in acpipowermeternotify() outside the lock in question, but notice that doing it alone is not sufficient because two concurrent METERNOTIFYCONFIG notifications may be attempting to remove the same device at the same time. To prevent that from happening, add a new lock serializing the execution of the switch () statement in acpipowermeternotify(). For simplicity, it is a static mutex which should not be a problem from the performance perspective.

The new lock also allows the hwmondeviceregisterwithinfo() in acpipowermeternotify() to be called outside the inner lock because it prevents the other notifications handled by that function from manipulating the "resource" object while the hwmon device based on it is being registered. The sending of ACPI netlink messages from acpipowermeternotify() is serialized by the new lock too which generally helps to ensure that the order of handling firmware notifications is the same as the order of sending netlink messages related to them.

In addition, notice that hwmondeviceregisterwithinfo() may fail in which case resource->hwmondev will become an error pointer, so add checks to avoid attempting to unregister the hwmon device pointer to by it in that case to acpipowermeternotify() and acpipowermeter_remove().