regulator: core: fix locking in regulator_resolve_supply() error path
Summary
| CVE | CVE-2026-46252 |
|---|---|
| State | PUBLISHED |
| Assigner | Linux |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-06-03 18:16:25 UTC |
| Updated | 2026-06-27 11:16:28 UTC |
| Description | In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix locking in regulator_resolve_supply() error path If late enabling of a supply regulator fails in regulator_resolve_supply(), the code currently triggers a lockdep warning: WARNING: drivers/regulator/core.c:2649 at _regulator_put+0x80/0xa0, CPU#6: kworker/u32:4/596 ... Call trace: _regulator_put+0x80/0xa0 (P) regulator_resolve_supply+0x7cc/0xbe0 regulator_register_resolve_supply+0x28/0xb8 as the regulator_list_mutex must be held when calling _regulator_put(). To solve this, simply switch to using regulator_put(). While at it, we should also make sure that no concurrent access happens to our rdev while we clear out the supply pointer. Add appropriate locking to ensure that. While the code in question will be removed altogether in a follow-up commit, I believe it is still beneficial to have this corrected before removal for future reference. |
Risk And Classification
Primary CVSS: v3.1 5.5 MEDIUM from [email protected]
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.000800000 probability, percentile 0.002500000 (date 2026-06-16)
Problem Types: CWE-667
CVSS v3.1 Breakdown
Attack Vector
LocalAttack Complexity
LowPrivileges Required
LowUser Interaction
NoneScope
UnchangedConfidentiality
NoneIntegrity
NoneAvailability
HighCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Linux | Linux Kernel | All | All | All | All |
| Operating System | Linux | Linux Kernel | 4.2 | - | All | All |
| Operating System | Linux | Linux Kernel | 4.2 | rc4 | All | All |
| Operating System | Linux | Linux Kernel | 4.2 | rc5 | All | All |
| Operating System | Linux | Linux Kernel | 4.2 | rc6 | All | All |
| Operating System | Linux | Linux Kernel | 4.2 | rc7 | All | All |
| Operating System | Linux | Linux Kernel | 4.2 | rc8 | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Linux | Linux | affected 36a1f1b6ddc6d1442424e29548e790633ca39c7b bde74af8d4466213007bdd42cc85fa72c861dea7 git | Not specified |
| CNA | Linux | Linux | affected 36a1f1b6ddc6d1442424e29548e790633ca39c7b c66e0db0f37290b53c57994f998bb55590364fd0 git | Not specified |
| CNA | Linux | Linux | affected 36a1f1b6ddc6d1442424e29548e790633ca39c7b 497330b203d2c59c5ff3fa4c34d14494d7203bc3 git | Not specified |
| CNA | Linux | Linux | affected 4.2 | Not specified |
| CNA | Linux | Linux | unaffected 4.2 semver | Not specified |
| CNA | Linux | Linux | unaffected 6.18.37 6.18.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.19.4 6.19.* semver | Not specified |
| CNA | Linux | Linux | unaffected 7.0 * original_commit_for_fix | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| git.kernel.org/stable/c/c66e0db0f37290b53c57994f998bb55590364fd0 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| git.kernel.org/stable/c/bde74af8d4466213007bdd42cc85fa72c861dea7 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/497330b203d2c59c5ff3fa4c34d14494d7203bc3 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.