CVE-2025-68354
Unknown Unknown - Not Provided
Use-After-Free in Linux Kernel Regulator Due to Race Condition

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex regulator_supply_alias_list was accessed without any locking in regulator_supply_alias(), regulator_register_supply_alias(), and regulator_unregister_supply_alias(). Concurrent registration, unregistration and lookups can race, leading to: 1 use-after-free if an alias entry is removed while being read, 2 duplicate entries when two threads register the same alias, 3 inconsistent alias mappings observed by consumers. Protect all traversals, insertions and deletions on regulator_supply_alias_list with the existing regulator_list_mutex.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-06-16
AI Q&A
2025-12-24
EPSS Evaluated
2026-06-15
NVD
CVE-2025-68354
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel involves the regulator_supply_alias_list being accessed without proper locking mechanisms in certain functions. This lack of synchronization can cause race conditions during concurrent registration, unregistration, and lookups of aliases. The issues include use-after-free errors if an alias entry is removed while being read, duplicate entries if two threads register the same alias simultaneously, and inconsistent alias mappings observed by consumers. The fix involves protecting all operations on regulator_supply_alias_list with the existing regulator_list_mutex to ensure thread safety.

Impact Analysis

This vulnerability can lead to unstable or unpredictable behavior in the Linux kernel due to race conditions. Specifically, it can cause use-after-free errors, which may lead to crashes or potential exploitation. Duplicate entries and inconsistent alias mappings can cause incorrect system behavior or resource mismanagement, potentially affecting system reliability and security.

Mitigation Strategies

Apply the patch that protects regulator_supply_alias_list with regulator_list_mutex in the Linux kernel. This involves updating the Linux kernel to a version where regulator_supply_alias(), regulator_register_supply_alias(), and regulator_unregister_supply_alias() properly use locking to prevent race conditions. Until patched, avoid concurrent operations that register, unregister, or lookup regulator supply aliases to reduce risk.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68354. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart