PT-2024-26823 · Linux+5 · Linux Kernel+5
Hans De Goede · Published 2024-04-06 · Updated 2025-03-28 · CVE-2024-35986
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue is in how the tusb1210 charger-detect code uses the Linux kernel's power supply framework, which is not designed for long-lived in-kernel references to power supply devices. Specifically, unregistering a power supply while some other code still holds a reference to it triggers a warning in power_supply_unregister(); the power supply is then removed and its backing data freed anyway, leaving the tusb1210 charger-detect code with a dangling reference. This results in a crash the next time tusb1210_get_online() is called. The fix holds the reference only inside tusb1210_get_online() and frees it at the end of the function, which avoids the issue when manually rmmod-ing the charger chip driver during development. However, this still leaves a theoretical race window.
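The reference-scoping pattern described above, as an added example that is not the kernel patch or code from this page: a constructed userspace model in which every name (`psy_*`, `charger_get_online`, the single `slot`) is hypothetical. The lookup, the read and the release all happen inside one call, so no pointer survives an unregister.

```c
#include <string.h>

/* Constructed userspace model: one slot stands in for the kernel's
 * power-supply registry. All names here are hypothetical. */
struct psy { const char *name; int online; int refs; int registered; };
static struct psy slot;

static void psy_register(const char *name, int online)
{
    slot = (struct psy){ name, online, 0, 1 };
}

/* Removal proceeds even if references remain, as the description says.
 * Returns the number of outstanding references (nonzero = warning case). */
static int psy_unregister(void)
{
    slot.registered = 0;
    slot.online = 0;
    return slot.refs;
}

static struct psy *psy_get_by_name(const char *name)
{
    if (!slot.registered || strcmp(slot.name, name) != 0)
        return NULL;
    slot.refs++;
    return &slot;
}

static void psy_put(struct psy *p) { p->refs--; }

/* Fixed pattern: take the reference, read, and drop it in one call. */
static int charger_get_online(const char *name)
{
    struct psy *p = psy_get_by_name(name);
    int online;
    if (!p)
        return 0;   /* supply is gone: report offline, no stale pointer */
    online = p->online;
    psy_put(p);
    return online;
}

int main(void)
{
    psy_register("charger", 1);
    return charger_get_online("charger") == 1 ? 0 : 1;
}
```

A caller that instead keeps the pointer from `psy_get_by_name()` across calls makes `psy_unregister()` return a nonzero count, which is the model's stand-in for the warning and the dangling reference.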
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Out of bounds Read
Use After Free
Affected Products
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu