CVE-2023-53310

MEDIUM 4.7

power: supply: axp288_fuel_gauge: Fix external_power_changed race

CVSS Score

4.7

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: power: supply: axp288_fuel_gauge: Fix external_power_changed race fuel_gauge_external_power_changed() dereferences info->bat, which gets sets in axp288_fuel_gauge_probe() like this: info->bat = devm_power_supply_register(dev, &fuel_gauge_desc, &psy_cfg); As soon as devm_power_supply_register() has called device_add() the external_power_changed callback can get called. So there is a window where fuel_gauge_external_power_changed() may get called while info->bat has not been set yet leading to a NULL pointer dereference. Fixing this is easy. The external_power_changed callback gets passed the power_supply which will eventually get stored in info->bat, so fuel_gauge_external_power_changed() can simply directly use the passed in psy argument which is always valid.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Sep 16, 2025
Last Updated	May 11, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new medium vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

30abb3d07929137bf72327560e1595508a692c4e < 0456b912121e45b3ef54abe3135e5dcb541f956c 30abb3d07929137bf72327560e1595508a692c4e < a636c6ba9ce898207f283271cb28511206ab739b 30abb3d07929137bf72327560e1595508a692c4e < f8319774d6f1567d6e7d03653174ab0c82c5c66d

Linux / Linux

5.18

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/0456b912121e45b3ef54abe3135e5dcb541f956c git.kernel.org: https://git.kernel.org/stable/c/a636c6ba9ce898207f283271cb28511206ab739b git.kernel.org: https://git.kernel.org/stable/c/f8319774d6f1567d6e7d03653174ab0c82c5c66d