{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-22009", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-12-29T08:45:45.803Z", "datePublished": "2025-04-08T08:17:59.840Z", "dateUpdated": "2025-04-08T08:17:59.840Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-04-08T08:17:59.840Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: dummy: force synchronous probing\n\nSometimes I get a NULL pointer dereference at boot time in kobject_get()\nwith the following call stack:\n\nanatop_regulator_probe()\n devm_regulator_register()\n  regulator_register()\n   regulator_resolve_supply()\n    kobject_get()\n\nBy placing some extra BUG_ON() statements I could verify that this is\nraised because probing of the 'dummy' regulator driver is not completed\n('dummy_regulator_rdev' is still NULL).\n\nIn the JTAG debugger I can see that dummy_regulator_probe() and\nanatop_regulator_probe() can be run by different kernel threads\n(kworker/u4:*).  I haven't further investigated whether this can be\nchanged or if there are other possibilities to force synchronization\nbetween these two probe routines.  On the other hand I don't expect much\nboot time penalty by probing the 'dummy' regulator synchronously."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/regulator/dummy.c"], "versions": [{"version": "259b93b21a9ffe5117af4dfb5505437e463c6a5a", "lessThan": "e26f24ca4fb940b15e092796c5993142a2558bd9", "status": "affected", "versionType": "git"}, {"version": "259b93b21a9ffe5117af4dfb5505437e463c6a5a", "lessThan": "d3b83a1442a09b145006eb4294b1a963c5345c9c", "status": "affected", "versionType": "git"}, {"version": "259b93b21a9ffe5117af4dfb5505437e463c6a5a", "lessThan": "5ade367b56c3947c990598df92395ce737bee872", "status": "affected", "versionType": "git"}, {"version": "259b93b21a9ffe5117af4dfb5505437e463c6a5a", "lessThan": "8619909b38eeebd3e60910158d7d68441fc954e9", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/regulator/dummy.c"], "versions": [{"version": "6.4", "status": "affected"}, {"version": "0", "lessThan": "6.4", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.85", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.21", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13.9", "lessThanOrEqual": "6.13.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.14", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/e26f24ca4fb940b15e092796c5993142a2558bd9"}, {"url": "https://git.kernel.org/stable/c/d3b83a1442a09b145006eb4294b1a963c5345c9c"}, {"url": "https://git.kernel.org/stable/c/5ade367b56c3947c990598df92395ce737bee872"}, {"url": "https://git.kernel.org/stable/c/8619909b38eeebd3e60910158d7d68441fc954e9"}], "title": "regulator: dummy: force synchronous probing", "x_generator": {"engine": "bippy-7c5fe7eed585"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "713AEC20-B9F9-4756-851A-6C1BA3284678", "versionEndExcluding": "6.6.85", "versionStartIncluding": "6.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B63C450-D73B-4A53-9861-98E25C16E842", "versionEndExcluding": "6.12.21", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FAECBE4D-58CF-4836-BBAB-5E28B800A778", "versionEndExcluding": "6.13.9", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*", "matchCriteriaId": "186716B6-2B66-4BD0-852E-D48E71C0C85F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:*", "matchCriteriaId": "0D3E781C-403A-498F-9DA9-ECEE50F41E75", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc3:*:*:*:*:*:*", "matchCriteriaId": "66619FB8-0AAF-4166-B2CF-67B24143261D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc4:*:*:*:*:*:*", "matchCriteriaId": "D3D6550E-6679-4560-902D-AF52DCFE905B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc5:*:*:*:*:*:*", "matchCriteriaId": "45B90F6B-BEC7-4D4E-883A-9DBADE021750", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc6:*:*:*:*:*:*", "matchCriteriaId": "1759FFB7-531C-41B1-9AE1-FD3D80E0D920", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc7:*:*:*:*:*:*", "matchCriteriaId": "AD948719-8628-4421-A340-1066314BBD4A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: dummy: force synchronous probing\n\nSometimes I get a NULL pointer dereference at boot time in kobject_get()\nwith the following call stack:\n\nanatop_regulator_probe()\n devm_regulator_register()\n  regulator_register()\n   regulator_resolve_supply()\n    kobject_get()\n\nBy placing some extra BUG_ON() statements I could verify that this is\nraised because probing of the 'dummy' regulator driver is not completed\n('dummy_regulator_rdev' is still NULL).\n\nIn the JTAG debugger I can see that dummy_regulator_probe() and\nanatop_regulator_probe() can be run by different kernel threads\n(kworker/u4:*).  I haven't further investigated whether this can be\nchanged or if there are other possibilities to force synchronization\nbetween these two probe routines.  On the other hand I don't expect much\nboot time penalty by probing the 'dummy' regulator synchronously."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: regulator: dummy: force synchronous sondeo a veces obtengo una desreferencia de puntero NULL en el momento del arranque en kobject_get() con la siguiente pila de llamadas: anatop_regulator_probe() devm_regulator_register() regulator_register() regulator_resolve_supply() kobject_get() Colocando algunas sentencias BUG_ON() adicionales pude verificar que esto se genera porque el sondeo del controlador del regulador 'dummy' no se completa ('dummy_regulator_rdev' sigue siendo NULL). En el depurador JTAG puedo ver que dummy_regulator_probe() y anatop_regulator_probe() pueden ser ejecutados por diferentes subprocesos del kernel (kworker/u4:*). No he investigado m\u00e1s si esto se puede cambiar o si hay otras posibilidades de forzar la sincronizaci\u00f3n entre estas dos rutinas de sondeo. Por otro lado, no espero mucha penalizaci\u00f3n en el tiempo de arranque al sondear el regulador 'dummy' sincr\u00f3nicamente."}], "id": "CVE-2025-22009", "lastModified": "2025-04-10T13:10:51.817", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-04-08T09:15:24.460", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5ade367b56c3947c990598df92395ce737bee872"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8619909b38eeebd3e60910158d7d68441fc954e9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d3b83a1442a09b145006eb4294b1a963c5345c9c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e26f24ca4fb940b15e092796c5993142a2558bd9"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: regulator: dummy: force synchronous probing", "id": "2358234", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358234"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nregulator: dummy: force synchronous probing\nSometimes I get a NULL pointer dereference at boot time in kobject_get()\nwith the following call stack:\nanatop_regulator_probe()\ndevm_regulator_register()\nregulator_register()\nregulator_resolve_supply()\nkobject_get()\nBy placing some extra BUG_ON() statements I could verify that this is\nraised because probing of the 'dummy' regulator driver is not completed\n('dummy_regulator_rdev' is still NULL).\nIn the JTAG debugger I can see that dummy_regulator_probe() and\nanatop_regulator_probe() can be run by different kernel threads\n(kworker/u4:*).  I haven't further investigated whether this can be\nchanged or if there are other possibilities to force synchronization\nbetween these two probe routines.  On the other hand I don't expect much\nboot time penalty by probing the 'dummy' regulator synchronously."], "name": "CVE-2025-22009", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-04-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-22009\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-22009\nhttps://lore.kernel.org/linux-cve-announce/2025040842-CVE-2025-22009-2b2b@gregkh/T"], "threat_severity": "Low"}