{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-53166","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-09-15T13:59:19.063Z","datePublished":"2025-09-15T14:03:55.131Z","dateUpdated":"2026-05-11T19:39:32.976Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:39:32.976Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: bq25890: Fix external_power_changed race\n\nbq25890_charger_external_power_changed() dereferences bq->charger,\nwhich gets sets in bq25890_power_supply_init() like this:\n\n  bq->charger = devm_power_supply_register(bq->dev, &bq->desc, &psy_cfg);\n\nAs soon as devm_power_supply_register() has called device_add()\nthe external_power_changed callback can get called. So there is a window\nwhere bq25890_charger_external_power_changed() may get called while\nbq->charger has not been set yet leading to a NULL pointer dereference.\n\nThis race hits during boot sometimes on a Lenovo Yoga Book 1 yb1-x90f\nwhen the cht_wcove_pwrsrc (extcon) power_supply is done with detecting\nthe connected charger-type which happens to exactly hit the small window:\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000018\n  <snip>\n  RIP: 0010:__power_supply_is_supplied_by+0xb/0xb0\n  <snip>\n  Call Trace:\n   <TASK>\n   __power_supply_get_supplier_property+0x19/0x50\n   class_for_each_device+0xb1/0xe0\n   power_supply_get_property_from_supplier+0x2e/0x50\n   bq25890_charger_external_power_changed+0x38/0x1b0 [bq25890_charger]\n   __power_supply_changed_work+0x30/0x40\n   class_for_each_device+0xb1/0xe0\n   power_supply_changed_work+0x5f/0xe0\n  <snip>\n\nFixing this is easy. The external_power_changed callback gets passed\nthe power_supply which will eventually get stored in bq->charger,\nso bq25890_charger_external_power_changed() can simply directly use\nthe passed in psy argument which is always valid."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/power/supply/bq25890_charger.c"],"versions":[{"version":"eab25b4f93aa771728127705eb4b235a3b5aad94","lessThan":"72c28207c19c2c46fab8ae994aff25e197fb2949","status":"affected","versionType":"git"},{"version":"eab25b4f93aa771728127705eb4b235a3b5aad94","lessThan":"9d20fa1982c35697f3f8c4ae0f12791691ae5958","status":"affected","versionType":"git"},{"version":"eab25b4f93aa771728127705eb4b235a3b5aad94","lessThan":"029a443b9b6424170f00f6dd5b7682e682cce92e","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/power/supply/bq25890_charger.c"],"versions":[{"version":"5.18","status":"affected"},{"version":"0","lessThan":"5.18","status":"unaffected","versionType":"semver"},{"version":"6.1.31","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.3.5","lessThanOrEqual":"6.3.*","status":"unaffected","versionType":"semver"},{"version":"6.4","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.18","versionEndExcluding":"6.1.31"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.18","versionEndExcluding":"6.3.5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.18","versionEndExcluding":"6.4"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/72c28207c19c2c46fab8ae994aff25e197fb2949"},{"url":"https://git.kernel.org/stable/c/9d20fa1982c35697f3f8c4ae0f12791691ae5958"},{"url":"https://git.kernel.org/stable/c/029a443b9b6424170f00f6dd5b7682e682cce92e"}],"title":"power: supply: bq25890: Fix external_power_changed race","x_generator":{"engine":"bippy-1.2.0"}}}}