GHSA-2vjf-7vmh-8jpp · Severity: unknown — In the Linux kernel, the following vulnerability has been resolved: power: supply: max77705:...
In the Linux kernel, the following vulnerability has been resolved: power: supply: max77705: Free allocated workqueue and fix removal order Use devm interface for allocating workqueue to fix two bugs at the same time: 1. Driver leaks the memory on remove(), because the workqueue is not destroyed. 2. Driver allocates workqueue and then registers interrupt handlers with devm interface. This means that probe error paths will not use a reversed order, but first destroy the workqueue and then, via devm release handlers, free the interrupt. The interrupt handler schedules work on this exact workqueue, thus if interrupt is hit in this short time window - after destroying workqueue, but before devm() frees the interrupt - the schedulled work will lead to use of freed memory. Change is not equivalent in the workqueue itself: use non-legacy API which does not set (__WQ_LEGACY | WQ_MEM_RECLAIM). The workqueue is used to update power supply (power_supply_changed()) status, thus there is no point to run it for memory reclaim. Note that dev_name() is not directly used in second argument to prevent possible unlikely parsing any "%" character in device name as format.
Conclusion & alert: CVE-2026-53308 is rated Low Risk (4.1/100): low exploitation likelihood (EPSS 0.14%). Mandatory action: Low composite risk—no urgent action required; patch on your normal maintenance cycle and revisit priority if CVSS or EPSS increases.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-27 | — | 0.14% | — |
Full EPSS history (1 record total)
CVSS metrics for this CVE.
No CVSS data in dataset for this CVE.
GHSA-2vjf-7vmh-8jpp · Severity: unknown — In the Linux kernel, the following vulnerability has been resolved: power: supply: max77705:...
| vendor | priority | summary | link |
|---|---|---|---|
debian
|
unimportant | CVE-2026-53308 unimportant priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. | https://security-tracker.debian.org/tracker/CVE-2026-53308 |
suse
|
— | — | https://www.suse.com/security/cve/CVE-2026-53308/ |
ubuntu
|
medium | CVE-2026-53308 medium priority: Ubuntu including 161 source packages (linux, linux-allwinner-5.19, …), 1449 status rows across 9 suites (bionic, focal, jammy, noble, questing, resolute, trusty, upstream, xenial): DNE 1044, ignored 172, not-affected 112, released 87, needed 23, pending 10, needs-triage 1. | https://ubuntu.com/security/CVE-2026-53308 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| linux | linux_kernel | >= 6.15, < 7.0.10 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 6.15, < 7.1 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |