CVE-2026-45885

In the Linux kernel, the following vulnerability has been resolved:

power: supply: cpcap-battery: Fix use-after-free in power supply changed()

Using the devm variant for requesting IRQ before the devm variant for allocating/registering the power supply handle, means that the power supply handle will be deallocated/unregistered before the interrupt handler (since devm naturally deallocates in reverse allocation order). This means that during removal, there is a race condition where an interrupt can fire just after the power supply handle has been freed, but just before the corresponding unregistration of the IRQ handler has run.

This will lead to the IRQ handler calling power supply changed() with a freed power supply handle. Which usually crashes the system or otherwise silently corrupts the memory...

Note that there is a similar situation which can also happen during probe(); the possibility of an interrupt firing before registering the power supply handle. This would then lead to the nasty situation of using the power supply handle uninitialized in power supply changed().

Fix this racy use-after-free by making sure the IRQ is requested after the registration of the power supply handle.