Linux Kernel Power Supply bq25890 External Power Change Race Condition Vulnerability

A race condition vulnerability has been identified in the Linux kernel's power supply driver for the bq25890 charger. This issue arises during the boot process on certain Lenovo Yoga Book 1 models. The vulnerability occurs because the external_power_changed callback can be triggered before the charger reference is properly initialized, leading to a NULL pointer dereference. This flaw was introduced in a previous commit that added external charger detection for the bq25892 model.

Impact

Exploitation of this vulnerability causes a kernel NULL pointer dereference, which can lead to a system crash.

Reproduction

The vulnerability can be reproduced on a Lenovo Yoga Book 1 yb1-x90f device. During the boot process, the cht_wcove_pwrsrc (extcon) power supply completes its charger type detection, which can inadvertently trigger the external_power_changed callback. This callback attempts to access the charger reference before it has been initialized, resulting in a NULL pointer dereference.

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version where this issue has been addressed.