Description
In the Linux kernel, the following vulnerability has been resolved:

regulator: core: fix locking in regulator_resolve_supply() error path

If late enabling of a supply regulator fails in
regulator_resolve_supply(), the code currently triggers a lockdep
warning:

WARNING: drivers/regulator/core.c:2649 at _regulator_put+0x80/0xa0, CPU#6: kworker/u32:4/596
...
Call trace:
_regulator_put+0x80/0xa0 (P)
regulator_resolve_supply+0x7cc/0xbe0
regulator_register_resolve_supply+0x28/0xb8

as the regulator_list_mutex must be held when calling _regulator_put().

To solve this, simply switch to using regulator_put().

While at it, we should also make sure that no concurrent access happens
to our rdev while we clear out the supply pointer. Add appropriate
locking to ensure that.

While the code in question will be removed altogether in a follow-up
commit, I believe it is still beneficial to have this corrected before
removal for future reference.
Published: 2026-06-03
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The fix addresses an improper lock usage in the regulator_resolve_supply() error path of the Linux kernel. When enabling a supply regulator fails, the code incorrectly calls _regulator_put() without holding the regulator_list_mutex, triggering a lockdep warning and creating a potential race condition. This flaw could lead to inconsistent regulator state or kernel instability, though the description does not state direct data exposure or arbitrary code execution.

Affected Systems

Affected systems are Linux kernel builds that include the regulator subsystem. The vulnerability exists in any kernel revision prior to the commit that implements the correction; specific version ranges are not listed in the advisory.

Risk and Exploitability

The EPSS score is < 1% and the vulnerability is not listed in the CISA KEV catalog, suggesting a low likelihood of active exploitation. The CV score is 5.5, indicating moderate severity. An attacker would need to trigger the error path—potentially through device initialization or configuration changes—making the exposure likely limited to local or privileged users interacting with the kernel.

Generated by OpenCVE AI on June 9, 2026 at 23:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to the latest stable release that incorporates the regulator_resolve_supply() lock fix (commit 497330b... or c66e0db...).
  • If an upgraded kernel cannot be deployed immediately, manually apply the patch from the referenced commit to drivers/regulator/core.c, ensuring _regulator_put() is replaced with regulator_put() on the error path and that appropriate locking protects rdev accesses.
  • Restart any services or modules that depend on the regulator subsystem to ensure they operate correctly with the updated kernel code.

Generated by OpenCVE AI on June 9, 2026 at 23:12 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-667
CPEs cpe:2.3:o:linux:linux_kernel:4.2:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.2:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.2:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.2:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.2:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.2:rc8:*:*:*:*:*:*

Thu, 04 Jun 2026 03:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362

Thu, 04 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-413
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Wed, 03 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362

Wed, 03 Jun 2026 17:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix locking in regulator_resolve_supply() error path If late enabling of a supply regulator fails in regulator_resolve_supply(), the code currently triggers a lockdep warning: WARNING: drivers/regulator/core.c:2649 at _regulator_put+0x80/0xa0, CPU#6: kworker/u32:4/596 ... Call trace: _regulator_put+0x80/0xa0 (P) regulator_resolve_supply+0x7cc/0xbe0 regulator_register_resolve_supply+0x28/0xb8 as the regulator_list_mutex must be held when calling _regulator_put(). To solve this, simply switch to using regulator_put(). While at it, we should also make sure that no concurrent access happens to our rdev while we clear out the supply pointer. Add appropriate locking to ensure that. While the code in question will be removed altogether in a follow-up commit, I believe it is still beneficial to have this corrected before removal for future reference.
Title regulator: core: fix locking in regulator_resolve_supply() error path
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-03T15:49:48.784Z

Reserved: 2026-05-13T15:03:33.107Z

Link: CVE-2026-46252

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-06-03T18:16:25.797

Modified: 2026-06-09T20:42:31.367

Link: CVE-2026-46252

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-03T00:00:00Z

Links: CVE-2026-46252 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T23:15:16Z

Weaknesses