Linux Kernel PM8916 LBC Power Supply Driver Use-After-Free Vulnerability in IRQ Handler

A use-after-free vulnerability has been identified in the Linux kernel's PM8916 LBC power supply driver. This issue arises in the IRQ handler due to the improper order of requesting the IRQ and registering the extcon handle. The extcon handle is freed before the IRQ handler is unregistered, creating a race condition. As a result, an interrupt can be processed with a deallocated extcon handle, leading to potential system crashes or memory corruption.

Impact

Exploitation of this vulnerability typically results in a system crash or silent memory corruption.

Reproduction

The vulnerability can be reproduced by loading the PM8916 LBC charger driver, which involves requesting an IRQ before the extcon handle is fully registered. This sequence creates a race condition where the IRQ handler can be triggered with a freed extcon handle, causing the described use-after-free issue.

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version where this issue has been addressed.