CVE-2025-38535
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-16

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode When transitioning from USB_ROLE_DEVICE to USB_ROLE_NONE, the code assumed that the regulator should be disabled. However, if the regulator is marked as always-on, regulator_is_enabled() continues to return true, leading to an incorrect attempt to disable a regulator which is not enabled. This can result in warnings such as: [ 250.155624] WARNING: CPU: 1 PID: 7326 at drivers/regulator/core.c:3004 _regulator_disable+0xe4/0x1a0 [ 250.155652] unbalanced disables for VIN_SYS_5V0 To fix this, we move the regulator control logic into tegra186_xusb_padctl_id_override() function since it's directly related to the ID override state. The regulator is now only disabled when the role transitions from USB_ROLE_HOST to USB_ROLE_NONE, by checking the VBUS_ID register. This ensures that regulator enable/disable operations are properly balanced and only occur when actually transitioning to/from host mode.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-16
Last Modified
2025-11-03
Generated
2026-05-07
AI Q&A
2025-08-16
EPSS Evaluated
2026-05-05
NVD
CVE-2025-38535
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel 5.10.244
linux linux_kernel 6.1.153
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in the Linux kernel's Tegra xusb driver involves incorrect handling of regulator disable operations when transitioning USB roles. Specifically, when switching from USB_ROLE_DEVICE to USB_ROLE_NONE, the code incorrectly attempts to disable a regulator that is marked as always-on and thus remains enabled. This leads to unbalanced regulator disable calls and kernel warnings. The fix moves regulator control logic to ensure disable operations only occur when transitioning from USB_ROLE_HOST to USB_ROLE_NONE, properly balancing enable/disable calls.


How can this vulnerability impact me? :

This vulnerability can cause kernel warnings related to unbalanced regulator disable calls, which may indicate improper power management. While it may not directly cause system crashes, it can lead to instability or unexpected behavior in USB role transitions on affected Tegra devices, potentially impacting device reliability or performance.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring the system logs for specific warning messages related to unbalanced regulator disables. Look for warnings such as: '[ 250.155624] WARNING: CPU: 1 PID: 7326 at drivers/regulator/core.c:3004 _regulator_disable+0xe4/0x1a0' and '[ 250.155652] unbalanced disables for VIN_SYS_5V0'. You can use the command 'dmesg | grep -i unbalanced' or 'journalctl -k | grep -i unbalanced' to find these warnings in kernel logs.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, update the Linux kernel to a version that includes the fix where the regulator control logic is moved into the tegra186_xusb_padctl_id_override() function. This fix ensures that regulator enable/disable operations are properly balanced and only occur when transitioning to/from host mode, preventing unbalanced disables and related warnings.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart