CVE-2024-49955

Summary

In the Linux kernel, the following vulnerability has been resolved:

ACPI: battery: Fix possible crash when unregistering a battery hook

When a battery hook returns an error when adding a new battery, then the battery hook is automatically unregistered. However the battery hook provider cannot know that, so it will later call battery_hook_unregister() on the already unregistered battery hook, resulting in a crash.

Fix this by using the list head to mark already unregistered battery hooks as already being unregistered so that they can be ignored by battery_hook_unregister().

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxfa93854f7a7ed63d054405bf3779247d5300edd3 < 76fb2cbf01571926da8ecf6876cc8cb07d3f5183affected
LinuxLinuxfa93854f7a7ed63d054405bf3779247d5300edd3 < c47843a831e0eae007ad7e848d208e675ba4c132affected
LinuxLinuxfa93854f7a7ed63d054405bf3779247d5300edd3 < da964de4c18199e14b961b5b2e5e6570552a313caffected
LinuxLinuxfa93854f7a7ed63d054405bf3779247d5300edd3 < 07b98400cb0285a6348188aa8c5ec6a2ae0551f7affected
LinuxLinuxfa93854f7a7ed63d054405bf3779247d5300edd3 < ca1fb7942a287b40659cc79551a1de54a2c2e7d5affected
LinuxLinuxfa93854f7a7ed63d054405bf3779247d5300edd3 < ce31847f109c3a5b2abdd19d7bcaafaacfde53deaffected
LinuxLinuxfa93854f7a7ed63d054405bf3779247d5300edd3 < ca26e8eed9c1c6651f51f7fa38fe444f8573cd1baffected
LinuxLinuxfa93854f7a7ed63d054405bf3779247d5300edd3 < 9f469ef1c79dac7f9ac1518643a33703918f7e13affected
LinuxLinuxfa93854f7a7ed63d054405bf3779247d5300edd3 < 76959aff14a0012ad6b984ec7686d163deccdc16affected
LinuxLinux4.17affected
LinuxLinux0 < 4.17unaffected
LinuxLinux4.19.323 <= 4.19.*unaffected
LinuxLinux5.4.285 <= 5.4.*unaffected
LinuxLinux5.10.227 <= 5.10.*unaffected
LinuxLinux5.15.168 <= 5.15.*unaffected
LinuxLinux6.1.113 <= 6.1.*unaffected
LinuxLinux6.6.55 <= 6.6.*unaffected
LinuxLinux6.10.14 <= 6.10.*unaffected
LinuxLinux6.11.3 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

Additional References

References