CVE-2026-23186 (GCVE-0-2026-23186)

Vulnerability from cvelistv5 – Published: 2026-02-14 16:27 – Updated: 2026-02-14 16:27
VLAI?
Title
hwmon: (acpi_power_meter) Fix deadlocks related to acpi_power_meter_notify()
Summary
In the Linux kernel, the following vulnerability has been resolved: hwmon: (acpi_power_meter) Fix deadlocks related to acpi_power_meter_notify() The acpi_power_meter driver's .notify() callback function, acpi_power_meter_notify(), calls hwmon_device_unregister() under a lock that is also acquired by callbacks in sysfs attributes of the device being unregistered which is prone to deadlocks between sysfs access and device removal. Address this by moving the hwmon device removal in acpi_power_meter_notify() outside the lock in question, but notice that doing it alone is not sufficient because two concurrent METER_NOTIFY_CONFIG notifications may be attempting to remove the same device at the same time. To prevent that from happening, add a new lock serializing the execution of the switch () statement in acpi_power_meter_notify(). For simplicity, it is a static mutex which should not be a problem from the performance perspective. The new lock also allows the hwmon_device_register_with_info() in acpi_power_meter_notify() to be called outside the inner lock because it prevents the other notifications handled by that function from manipulating the "resource" object while the hwmon device based on it is being registered. The sending of ACPI netlink messages from acpi_power_meter_notify() is serialized by the new lock too which generally helps to ensure that the order of handling firmware notifications is the same as the order of sending netlink messages related to them. In addition, notice that hwmon_device_register_with_info() may fail in which case resource->hwmon_dev will become an error pointer, so add checks to avoid attempting to unregister the hwmon device pointer to by it in that case to acpi_power_meter_notify() and acpi_power_meter_remove().
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 16746ce8adfe04f9ff8df75c1133286ba93c0e17 , < 8860ddf0e07be37169d4ef9f2618e39fca934a66 (git)
Affected: 16746ce8adfe04f9ff8df75c1133286ba93c0e17 , < 615901b57b7ef8eb655f71358f7e956e42bcd16b (git)
Create a notification for this product.
    Linux Linux Affected: 6.15
Unaffected: 0 , < 6.15 (semver)
Unaffected: 6.18.10 , ≤ 6.18.* (semver)
Unaffected: 6.19 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/hwmon/acpi_power_meter.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8860ddf0e07be37169d4ef9f2618e39fca934a66",
              "status": "affected",
              "version": "16746ce8adfe04f9ff8df75c1133286ba93c0e17",
              "versionType": "git"
            },
            {
              "lessThan": "615901b57b7ef8eb655f71358f7e956e42bcd16b",
              "status": "affected",
              "version": "16746ce8adfe04f9ff8df75c1133286ba93c0e17",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/hwmon/acpi_power_meter.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.15"
            },
            {
              "lessThan": "6.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.19",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.10",
                  "versionStartIncluding": "6.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19",
                  "versionStartIncluding": "6.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (acpi_power_meter) Fix deadlocks related to acpi_power_meter_notify()\n\nThe acpi_power_meter driver\u0027s .notify() callback function,\nacpi_power_meter_notify(), calls hwmon_device_unregister() under a lock\nthat is also acquired by callbacks in sysfs attributes of the device\nbeing unregistered which is prone to deadlocks between sysfs access and\ndevice removal.\n\nAddress this by moving the hwmon device removal in\nacpi_power_meter_notify() outside the lock in question, but notice\nthat doing it alone is not sufficient because two concurrent\nMETER_NOTIFY_CONFIG notifications may be attempting to remove the\nsame device at the same time.  To prevent that from happening, add a\nnew lock serializing the execution of the switch () statement in\nacpi_power_meter_notify().  For simplicity, it is a static mutex\nwhich should not be a problem from the performance perspective.\n\nThe new lock also allows the hwmon_device_register_with_info()\nin acpi_power_meter_notify() to be called outside the inner lock\nbecause it prevents the other notifications handled by that function\nfrom manipulating the \"resource\" object while the hwmon device based\non it is being registered.  The sending of ACPI netlink messages from\nacpi_power_meter_notify() is serialized by the new lock too which\ngenerally helps to ensure that the order of handling firmware\nnotifications is the same as the order of sending netlink messages\nrelated to them.\n\nIn addition, notice that hwmon_device_register_with_info() may fail\nin which case resource-\u003ehwmon_dev will become an error pointer,\nso add checks to avoid attempting to unregister the hwmon device\npointer to by it in that case to acpi_power_meter_notify() and\nacpi_power_meter_remove()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-14T16:27:15.505Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8860ddf0e07be37169d4ef9f2618e39fca934a66"
        },
        {
          "url": "https://git.kernel.org/stable/c/615901b57b7ef8eb655f71358f7e956e42bcd16b"
        }
      ],
      "title": "hwmon: (acpi_power_meter) Fix deadlocks related to acpi_power_meter_notify()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-23186",
    "datePublished": "2026-02-14T16:27:15.505Z",
    "dateReserved": "2026-01-13T15:37:45.985Z",
    "dateUpdated": "2026-02-14T16:27:15.505Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-23186\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-02-14T17:15:56.373\",\"lastModified\":\"2026-02-14T17:15:56.373\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nhwmon: (acpi_power_meter) Fix deadlocks related to acpi_power_meter_notify()\\n\\nThe acpi_power_meter driver\u0027s .notify() callback function,\\nacpi_power_meter_notify(), calls hwmon_device_unregister() under a lock\\nthat is also acquired by callbacks in sysfs attributes of the device\\nbeing unregistered which is prone to deadlocks between sysfs access and\\ndevice removal.\\n\\nAddress this by moving the hwmon device removal in\\nacpi_power_meter_notify() outside the lock in question, but notice\\nthat doing it alone is not sufficient because two concurrent\\nMETER_NOTIFY_CONFIG notifications may be attempting to remove the\\nsame device at the same time.  To prevent that from happening, add a\\nnew lock serializing the execution of the switch () statement in\\nacpi_power_meter_notify().  For simplicity, it is a static mutex\\nwhich should not be a problem from the performance perspective.\\n\\nThe new lock also allows the hwmon_device_register_with_info()\\nin acpi_power_meter_notify() to be called outside the inner lock\\nbecause it prevents the other notifications handled by that function\\nfrom manipulating the \\\"resource\\\" object while the hwmon device based\\non it is being registered.  The sending of ACPI netlink messages from\\nacpi_power_meter_notify() is serialized by the new lock too which\\ngenerally helps to ensure that the order of handling firmware\\nnotifications is the same as the order of sending netlink messages\\nrelated to them.\\n\\nIn addition, notice that hwmon_device_register_with_info() may fail\\nin which case resource-\u003ehwmon_dev will become an error pointer,\\nso add checks to avoid attempting to unregister the hwmon device\\npointer to by it in that case to acpi_power_meter_notify() and\\nacpi_power_meter_remove().\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/615901b57b7ef8eb655f71358f7e956e42bcd16b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/8860ddf0e07be37169d4ef9f2618e39fca934a66\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.