CVE-2025-22009

Summary

In the Linux kernel, the following vulnerability has been resolved:

regulator: dummy: force synchronous probing

Sometimes I get a NULL pointer dereference at boot time in kobject_get() with the following call stack:

anatop_regulator_probe() devm_regulator_register() regulator_register() regulator_resolve_supply() kobject_get()

By placing some extra BUG_ON() statements I could verify that this is raised because probing of the 'dummy' regulator driver is not completed ('dummy_regulator_rdev' is still NULL).

In the JTAG debugger I can see that dummy_regulator_probe() and anatop_regulator_probe() can be run by different kernel threads (kworker/u4:*). I haven't further investigated whether this can be changed or if there are other possibilities to force synchronization between these two probe routines. On the other hand I don't expect much boot time penalty by probing the 'dummy' regulator synchronously.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux259b93b21a9ffe5117af4dfb5505437e463c6a5a < e26f24ca4fb940b15e092796c5993142a2558bd9affected
LinuxLinux259b93b21a9ffe5117af4dfb5505437e463c6a5a < d3b83a1442a09b145006eb4294b1a963c5345c9caffected
LinuxLinux259b93b21a9ffe5117af4dfb5505437e463c6a5a < 5ade367b56c3947c990598df92395ce737bee872affected
LinuxLinux259b93b21a9ffe5117af4dfb5505437e463c6a5a < 8619909b38eeebd3e60910158d7d68441fc954e9affected
LinuxLinux6.4affected
LinuxLinux0 < 6.4unaffected
LinuxLinux6.6.85 <= 6.6.*unaffected
LinuxLinux6.12.21 <= 6.12.*unaffected
LinuxLinux6.13.9 <= 6.13.*unaffected
LinuxLinux6.14 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References