CVE-2025-38668
BaseFortify
Publication date: 2025-08-22
Last updated on: 2025-11-03
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | kernel | 5.10.244-1 |
| linux | kernel | 6.1.153-1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel involves a NULL pointer dereference caused by stale coupling data in the regulator core. Specifically, after unbinding regulators, the coupling_desc.n_coupled value is not reset to zero, which leads to attempts to access invalid pointers during subsequent regulator operations such as runtime power management. This can cause kernel panics, for example, when unbinding the 'reg-dummy' platform device triggers a panic in regulator_lock_recursive() due to this stale state.
How can this vulnerability impact me?
This vulnerability can cause system instability or crashes (kernel panics) when certain regulator operations are performed after unbinding devices. This can lead to denial of service or unexpected system behavior, potentially affecting system reliability and uptime.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version that includes the fix. The fix resets coupling_desc.n_coupled to 0 after freeing coupled_rdevs, which prevents the NULL pointer dereference. Applying the latest kernel patches or updates that address this issue will prevent panics caused by stale coupling state during regulator operations.
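The stale-count condition described in the answers above, as an added example that is not taken from the kernel source or from this page: a userspace C model in which unbind frees coupled_rdevs and a later lock walk trusts n_coupled. The model_* functions, the struct layout and the clearing of the pointer to NULL are assumptions, and the model returns -1 at the point where kernel code would dereference NULL.

```c
#include <stdio.h>
#include <stdlib.h>
/* Userspace model: only coupling_desc, n_coupled, coupled_rdevs are from the page. */
struct rdev;
struct coupling_desc {
    struct rdev **coupled_rdevs; /* array of coupled regulators */
    int n_coupled;               /* how many entries callers will walk */
};
struct rdev { struct coupling_desc coupling_desc; int locked; };

/* Bind: the regulator is coupled only with itself. */
static int model_init_coupling(struct rdev *r) {
    r->coupling_desc.coupled_rdevs = calloc(1, sizeof(struct rdev *));
    if (!r->coupling_desc.coupled_rdevs) return -1;
    r->coupling_desc.coupled_rdevs[0] = r;
    r->coupling_desc.n_coupled = 1;
    return 0;
}

/* Unbind: free the array. fixed=0 leaves n_coupled stale, fixed=1 resets it. */
static void model_remove_coupling(struct rdev *r, int fixed) {
    free(r->coupling_desc.coupled_rdevs);
    r->coupling_desc.coupled_rdevs = NULL; /* assumed: pointer cleared on free */
    if (fixed) r->coupling_desc.n_coupled = 0;
}

/* Lock walk stand-in: returns count locked, or -1 where a kernel would hit NULL. */
static int model_lock_coupled(struct rdev *r) {
    int locked = 0;
    for (int i = 0; i < r->coupling_desc.n_coupled; i++) {
        if (!r->coupling_desc.coupled_rdevs) return -1;
        r->coupling_desc.coupled_rdevs[i]->locked = 1;
        locked++;
    }
    return locked;
}

/* A regulator operation issued after unbind; -2 means allocation failed. */
static int model_op_after_unbind(int fixed) {
    struct rdev r = {0};
    if (model_init_coupling(&r) != 0) return -2;
    model_remove_coupling(&r, fixed);
    return model_lock_coupled(&r);
}

int main(void) {
    printf("stale: %d, reset: %d\n", model_op_after_unbind(0), model_op_after_unbind(1));
    return 0;
}
```

With the count left stale the walk still enters the loop and reaches the freed array; with the count reset it has nothing to iterate and returns cleanly.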