CVE-2026-46252

MEDIUM

regulator: core: fix locking in regulator_resolve_supply() error path

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix locking in regulator_resolve_supply() error path If late enabling of a supply regulator fails in regulator_resolve_supply(), the code currently triggers a lockdep warning: WARNING: drivers/regulator/core.c:2649 at _regulator_put+0x80/0xa0, CPU#6: kworker/u32:4/596 ... Call trace: _regulator_put+0x80/0xa0 (P) regulator_resolve_supply+0x7cc/0xbe0 regulator_register_resolve_supply+0x28/0xb8 as the regulator_list_mutex must be held when calling _regulator_put(). To solve this, simply switch to using regulator_put(). While at it, we should also make sure that no concurrent access happens to our rdev while we clear out the supply pointer. Add appropriate locking to ensure that. While the code in question will be removed altogether in a follow-up commit, I believe it is still beneficial to have this corrected before removal for future reference.

References (2)

Core 2

Core References

https://git.kernel.org/stable/c/c66e0db0f37290b53c57994f998bb55590364fd0

https://git.kernel.org/stable/c/497330b203d2c59c5ff3fa4c34d14494d7203bc3

Scores

CVSS v3 5.5

EPSS 0.0008

EPSS Percentile 0.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-667

Status published

Products (8)

Linux/Linux < 4.2

Linux/Linux 36a1f1b6ddc6d1442424e29548e790633ca39c7b - 497330b203d2c59c5ff3fa4c34d14494d7203bc3

Linux/Linux 36a1f1b6ddc6d1442424e29548e790633ca39c7b - c66e0db0f37290b53c57994f998bb55590364fd0

Linux/Linux 4.2

Linux/Linux 6.19.4 - 6.19.*

Linux/Linux 7.0

linux/linux_kernel 4.2 (6 CPE variants)

linux/linux_kernel 4.2.1 - 6.19.4

Published Jun 03, 2026

Tracked Since Jun 03, 2026