CVE-2022-50250

Summary

In the Linux kernel, the following vulnerability has been resolved:

regulator: core: fix use_count leakage when handling boot-on

I found a use_count leakage towards supply regulator of rdev with boot-on option.

┌───────────────────┐ ┌───────────────────┐ │ regulator_dev A │ │ regulator_dev B │ │ (boot-on) │ │ (boot-on) │ │ use_count=0 │◀──supply──│ use_count=1 │ │ │ │ │ └───────────────────┘ └───────────────────┘

In case of rdev(A) configured with `regulator-boot-on', the use_count of supplying regulator(B) will increment inside regulator_enable(rdev->supply).

Thus, B will acts like always-on, and further balanced regulator_enable/disable cannot actually disable it anymore.

However, B was also configured with `regulator-boot-on', we wish it could be disabled afterwards.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxdc1b1d7faf616ed663d0bba9be5abb4d1ed35d01 < dc3391d49479bc2bf8a2b88dbf86fdd800882feeaffected
LinuxLinuxf44b07472f29ae313ce875dc7b9c75b100c608b8 < 5bfc53df288e8ea54ca6866fb92034214940183faffected
LinuxLinux089b3f61ecfc43ca4ea26d595e1d31ead6de3f7b < 4b737246ff50f810d6ab4be13c1388a07f0c14b1affected
LinuxLinux089b3f61ecfc43ca4ea26d595e1d31ead6de3f7b < feb847e6591e8c7a09cc39721cc9ca74fd9a5d80affected
LinuxLinux089b3f61ecfc43ca4ea26d595e1d31ead6de3f7b < 4dd6e1cc9c7403f1ee1b7eee85bc31b797ae8347affected
LinuxLinux089b3f61ecfc43ca4ea26d595e1d31ead6de3f7b < bc6c381df5793ebcf32db88a3e65acf7870379fcaffected
LinuxLinux089b3f61ecfc43ca4ea26d595e1d31ead6de3f7b < 0591b14ce0398125439c759f889647369aa616a0affected
LinuxLinux4.19.226 < 4.19.270affected
LinuxLinux5.4.7 < 5.4.229affected
LinuxLinux5.5affected
LinuxLinux0 < 5.5unaffected
LinuxLinux4.19.270 <= 4.19.*unaffected
LinuxLinux5.4.229 <= 5.4.*unaffected
LinuxLinux5.10.163 <= 5.10.*unaffected
LinuxLinux5.15.86 <= 5.15.*unaffected
LinuxLinux6.0.16 <= 6.0.*unaffected
LinuxLinux6.1.2 <= 6.1.*unaffected
LinuxLinux6.2 <= *unaffected

Weaknesses

References