CVE-2026-23186

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The acpi power meter driver in the Linux kernel contains a flaw related to deadlocks within the acpi power meter notify() function. This function calls hwmon device unregister() under a lock also used by sysfs attribute callbacks during device unregistration, creating a potential deadlock between sysfs access and device removal. The issue arises from concurrent METER NOTIFY CONFIG notifications attempting to remove the same device simultaneously. A new static mutex has been introduced to serialize the execution of the switch statement within acpi power meter notify(), preventing concurrent removal attempts. This lock also allows hwmon device register with info() to be called outside the inner lock, preventing manipulation of the resource object during hwmon device registration. Serialization of ACPI netlink message sending within acpi power meter notify() further ensures consistent handling of firmware notifications and related netlink messages. Checks have been added to prevent attempts to unregister a hwmon device pointer if hwmon device register with info() fails, resulting in an error pointer.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.