Description

In the Linux kernel, the following vulnerability has been resolved: power: supply: axp288_fuel_gauge: Fix external_power_changed race fuel_gauge_external_power_changed() dereferences info->bat, which gets sets in axp288_fuel_gauge_probe() like this: info->bat = devm_power_supply_register(dev, &fuel_gauge_desc, &psy_cfg); As soon as devm_power_supply_register() has called device_add() the external_power_changed callback can get called. So there is a window where fuel_gauge_external_power_changed() may get called while info->bat has not been set yet leading to a NULL pointer dereference. Fixing this is easy. The external_power_changed callback gets passed the power_supply which will eventually get stored in info->bat, so fuel_gauge_external_power_changed() can simply directly use the passed in psy argument which is always valid.

INFO

Published Date :

2025-09-16T16:11:48.399Z

Last Modified :

2026-01-14T18:32:56.963Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2023-53310 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2023-53310.

URL Resource
https://git.kernel.org/stable/c/0456b912121e45b3ef54abe3135e5dcb541f956c cve-icon cve-icon
https://git.kernel.org/stable/c/a636c6ba9ce898207f283271cb28511206ab739b cve-icon cve-icon
https://git.kernel.org/stable/c/f8319774d6f1567d6e7d03653174ab0c82c5c66d cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025091642-CVE-2023-53310-8d40@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-53310 cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-53310 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact