CVE-2024-49955

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58

Description: A possible crash in the Linux kernel has been identified when unregistering a battery hook. This occurs when a battery hook returns an error while adding a new battery, leading to its automatic unregistration. However, the battery hook provider is unaware of this unregistration and subsequently attempts to call battery hook unregister() on the already unregistered hook, resulting in a crash. The issue is resolved by utilizing the list head to mark already unregistered battery hooks, allowing them to be ignored by battery hook unregister().

Recommendations: For versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider disabling the battery hook functionality until a patch is available. Restrict access to the battery hook unregister() function to minimize the risk of exploitation. Avoid using the battery hook parameter in affected API endpoints until the issue is resolved.