CVE-2026-45875 - Vulnerability Details

- mfd: arizona: Fix regulator resource leak on wm5102_clear_write_sequencer() failure

Description

In the Linux kernel, the following vulnerability has been resolved:

mfd: arizona: Fix regulator resource leak on wm5102_clear_write_sequencer() failure

The wm5102_clear_write_sequencer() helper may return an error
and just return, bypassing the cleanup sequence and causing
regulators to remain enabled, leading to a resource leak.

Change the direct return to jump to the err_reset label to
properly free the resources.

Published: 2026-05-27

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The wm5102_clear_write_sequencer() helper may return an error and exit early, skipping the cleanup sequence that normally disables hardware regulators. As a result, those regulators remain enabled, creating a resource leak. The flaw is a functional defect that does not provide a direct code execution path or privilege escalation.

Affected Systems

Any Linux kernel build that includes the mfd: Arizona driver for the WM5102 chip is affected. This includes systems where the kernel is compiled with this driver and where WM5102 hardware is present. No specific kernel version range is supplied, so the issue may exist in any build until the patch is applied.

Risk and Exploitability

The vulnerability has a very low likelihood of exploitation, reflected by an EPSS score of <1% and no listing in the CISA KEV catalog. Exploitation would likely require local access to trigger the error path of wm5102_clear_write_sequencer() on a system with WM5102 hardware, and it does not provide a remote attack vector or direct escalation. The impact is limited to a resource leak that could affect power management but does not compromise confidentiality, integrity, or availability.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`1c1c6bba57f51331f64f32d0ce9a0f9883041205`	affected	< 54eafc1b0dbcf79c5f8b6dc8d9e92e56b9384c0a
`1c1c6bba57f51331f64f32d0ce9a0f9883041205`	affected	< 933c5463873582baaecf5c38401ec4095b1c6269
`1c1c6bba57f51331f64f32d0ce9a0f9883041205`	affected	< 445cec7b4fbb1546836ae8e332d158e8d37d0fb6
`1c1c6bba57f51331f64f32d0ce9a0f9883041205`	affected	< 3ea01691738b0decb63ea2705d2cdf27f6f26fc0
`1c1c6bba57f51331f64f32d0ce9a0f9883041205`	affected	< e0527c09bcf1e6beeb685a7f4177683866b8609c
`1c1c6bba57f51331f64f32d0ce9a0f9883041205`	affected	< 5a4923726a165593d7601834a6fb2a10ab47b85d
`1c1c6bba57f51331f64f32d0ce9a0f9883041205`	affected	< 2049820d1e635e467d795237fd40287213d92349
`1c1c6bba57f51331f64f32d0ce9a0f9883041205`	affected	< 4feb753ba6e5e5bbaba868b841a2db41c21e56fa

Linux

affected

Version	Status	Constraints
`4.2`	affected	—
`0`	unaffected	< 4.2
`5.10.252`	unaffected	≤ 5.10.*
`5.15.202`	unaffected	≤ 5.15.*
`6.1.165`	unaffected	≤ 6.1.*
`6.6.128`	unaffected	≤ 6.6.*
`6.12.75`	unaffected	≤ 6.12.*
`6.18.14`	unaffected	≤ 6.18.*
`6.19.4`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[1c1c6bba57f51331f64f32d0ce9a0f9883041205,54eafc1b0dbcf79c5f8b6dc8d9e92e56b9384c0a)`	affected	code_commit	—
`[1c1c6bba57f51331f64f32d0ce9a0f9883041205,933c5463873582baaecf5c38401ec4095b1c6269)`	affected	code_commit	—
`[1c1c6bba57f51331f64f32d0ce9a0f9883041205,445cec7b4fbb1546836ae8e332d158e8d37d0fb6)`	affected	code_commit	—
`[1c1c6bba57f51331f64f32d0ce9a0f9883041205,3ea01691738b0decb63ea2705d2cdf27f6f26fc0)`	affected	code_commit	—
`[1c1c6bba57f51331f64f32d0ce9a0f9883041205,e0527c09bcf1e6beeb685a7f4177683866b8609c)`	affected	code_commit	—
`[1c1c6bba57f51331f64f32d0ce9a0f9883041205,5a4923726a165593d7601834a6fb2a10ab47b85d)`	affected	code_commit	—
`[1c1c6bba57f51331f64f32d0ce9a0f9883041205,2049820d1e635e467d795237fd40287213d92349)`	affected	code_commit	—
`[1c1c6bba57f51331f64f32d0ce9a0f9883041205,4feb753ba6e5e5bbaba868b841a2db41c21e56fa)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`4.2`	affected	generic	—
`[0,4.2)`	unaffected	generic	—
`[5.10.252,5.11.0)`	unaffected	semver	—
`[5.15.202,5.16.0)`	unaffected	semver	—
`[6.1.165,6.2.0)`	unaffected	semver	—
`[6.6.128,6.7.0)`	unaffected	semver	—
`[6.12.75,6.13.0)`	unaffected	semver	—
`[6.18.14,6.19.0)`	unaffected	semver	—
`[6.19.4,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the Linux kernel to a build that includes the commit 2049820d1e635e467d795237fd40287213d92349 to fix the cleanup logic.
After the kernel update, reboot the system or reload the mfd: Arizona module so the corrected driver code is active.
Verify that regulators are properly disabled after operation by checking relevant sysfs entries or kernel logs to confirm the cleanup is functioning.
If an immediate kernel update is not feasible, consider disabling the WM5102-related regulators or limiting their usage to mitigate the risk until the patch can be applied.

Generated by OpenCVE AI on May 28, 2026 at 17:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4606-1	linux security update

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00221.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/2049820d1e635e467d795237fd40287213d92349
https://git.kernel.org/stable/c/3ea01691738b0decb63ea2705d2cdf27f6f26fc0
https://git.kernel.org/stable/c/445cec7b4fbb1546836ae8e332d158e8d37d0fb6
https://git.kernel.org/stable/c/4feb753ba6e5e5bbaba868b841a2db41c21e56fa
https://git.kernel.org/stable/c/54eafc1b0dbcf79c5f8b6dc8d9e92e56b9384c0a
https://git.kernel.org/stable/c/5a4923726a165593d7601834a6fb2a10ab47b85d
https://git.kernel.org/stable/c/933c5463873582baaecf5c38401ec4095b1c6269
https://git.kernel.org/stable/c/e0527c09bcf1e6beeb685a7f4177683866b8609c
https://lore.kernel.org/linux-cve-announce/2026052714-CVE-2026-45875-a80f@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-45875
https://www.cve.org/CVERecord?id=CVE-2026-45875

History

Thu, 28 May 2026 15:00:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-399 CWE-778

Thu, 28 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-772
References		https://lore.kernel.org/linux-cve-announce/2026052714-CVE-2026-45875-a80f@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-45875 https://www.cve.org/CVERecord?id=CVE-2026-45875

Wed, 27 May 2026 18:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-399 CWE-778

Wed, 27 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: mfd: arizona: Fix regulator resource leak on wm5102_clear_write_sequencer() failure The wm5102_clear_write_sequencer() helper may return an error and just return, bypassing the cleanup sequence and causing regulators to remain enabled, leading to a resource leak. Change the direct return to jump to the err_reset label to properly free the resources.
Title		mfd: arizona: Fix regulator resource leak on wm5102_clear_write_sequencer() failure
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/2049820d1e635e467d795237fd40287213d92349 https://git.kernel.org/stable/c/3ea01691738b0decb63ea2705d2cdf27f6f26fc0 https://git.kernel.org/stable/c/445cec7b4fbb1546836ae8e332d158e8d37d0fb6 https://git.kernel.org/stable/c/4feb753ba6e5e5bbaba868b841a2db41c21e56fa https://git.kernel.org/stable/c/54eafc1b0dbcf79c5f8b6dc8d9e92e56b9384c0a https://git.kernel.org/stable/c/5a4923726a165593d7601834a6fb2a10ab47b85d https://git.kernel.org/stable/c/933c5463873582baaecf5c38401ec4095b1c6269 https://git.kernel.org/stable/c/e0527c09bcf1e6beeb685a7f4177683866b8609c

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-27T12:15:56.675Z

Updated: 2026-05-27T12:15:56.675Z

Reserved: 2026-05-13T15:03:33.081Z

Link: CVE-2026-45875

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:01.117

Modified: 2026-05-27T14:48:31.480

Link: CVE-2026-45875

Redhat

Severity :

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-45875 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-28T17:45:22Z

Weaknesses

CWE-772
Missing Release of Resource after Effective Lifetime

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object