CVE-2024-27412: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-27412 is a vulnerability in the Linux kernel's power supply subsystem, specifically in the bq27xxx-i2c driver. The vulnerability was discovered on May 17, 2024, affecting the battery management functionality in Linux systems using the bq27xxx i2c-client (NVD).

The vulnerability occurs when the bq27xxx i2c-client does not have an IRQ (Interrupt Request), resulting in client->irq being 0. While bq27xxxbatteryi2cprobe() correctly checks for client->irq before requesting a threaded IRQ, bq27xxxbatteryi2cremove() unconditionally calls free_irq(client->irq), leading to an attempt to free an already-free IRQ. This results in a kernel warning and backtrace when unbinding the driver (Kernel Commit). The vulnerability has been assigned a CVSS 3.1 base score of 5.5 (Medium) by CISA-ADP, with a vector of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can trigger a kernel warning and backtrace, potentially leading to system instability or denial of service conditions when attempting to unbind the bq27xxx i2c driver (NVD).

The issue has been fixed by adding an if (client->irq) check to bq27xxxbatteryi2c_remove() to mirror the probe function's behavior. The fix has been implemented in various Linux distributions, including Ubuntu and Debian, through their respective security updates (Ubuntu Security, Debian LTS).