CVE-2025-22009

MEDIUM EPSS 5.7%
Published Apr 8, 20251y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Apr 8, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: regulator: dummy: force synchronous probing Sometimes I get a NULL pointer dereference at boot time in kobject_get() with the following call stack: anatop_regulator_probe() devm_regulator_register() regulator_register() regulator_resolve_supply() kobject_get() By placing some extra BUG_ON() statements I could verify that this is raised because probing of the 'dummy' regulator driver is not completed ('dummy_regulator_rdev' is still NULL). In the JTAG debugger I can see that dummy_regulator_probe() and anatop_regulator_probe() can be run by different kernel threads (kworker/u4:*). I haven't further investigated whether this can be changed or if there are other possibilities to force synchronization between these two probe routines. On the other hand I don't expect much boot time penalty by probing the 'dummy' regulator synchronously.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
5.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 10

VendorProductVersionRange
linuxlinux_kernel*≥6.4  –  <6.6.85
linuxlinux_kernel*≥6.7  –  <6.12.21
linuxlinux_kernel*≥6.13  –  <6.13.9
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any

References 4

  • git.kernel.org https://git.kernel.org/stable/c/5ade367b56c3947c990598df92395ce737bee872
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8619909b38eeebd3e60910158d7d68441fc954e9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d3b83a1442a09b145006eb4294b1a963c5345c9c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e26f24ca4fb940b15e092796c5993142a2558bd9
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/5ade367b56c3947c990598df92395ce737bee872
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8619909b38eeebd3e60910158d7d68441fc954e9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d3b83a1442a09b145006eb4294b1a963c5345c9c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e26f24ca4fb940b15e092796c5993142a2558bd9
    Patch