CVE-2026-46252
Kernel Locking Issue in Linux Regulator Core
Publication date: 2026-06-03
Last updated on: 2026-06-03
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
| linux_kernel | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is related to the Linux kernel's regulator core code, specifically in the function regulator_resolve_supply(). When late enabling of a supply regulator fails, the code triggers a lockdep warning because the regulator_list_mutex must be held when calling the function _regulator_put().
The issue arises from improper locking, which can lead to concurrent access problems when clearing out the supply pointer. The fix involves switching to using regulator_put() and adding appropriate locking to prevent concurrent access to the regulator device (rdev).
Although the problematic code is planned to be removed in a future update, this fix ensures proper locking and prevents potential issues before that removal.
How can this vulnerability impact me?
Improper locking in the regulator core code can lead to concurrency issues, which might cause unexpected behavior or instability in the Linux kernel's power management subsystem.
Such instability could potentially result in system crashes, degraded performance, or unpredictable hardware behavior related to power regulation.
However, this vulnerability does not appear to directly lead to privilege escalation, data leakage, or other security breaches.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for lockdep warnings related to the regulator subsystem in the Linux kernel logs.
Specifically, look for warnings similar to the following in your kernel logs:
- WARNING: drivers/regulator/core.c:2649 at _regulator_put+0x80/0xa0, CPU#X: kworker/u32:4/XXX
- Call trace involving _regulator_put, regulator_resolve_supply, and regulator_register_resolve_supply functions.
You can check for such warnings by running the following commands to search the kernel logs:
- dmesg | grep -i regulator
- journalctl -k | grep -i regulator
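A plain grep for "regulator" also matches routine driver messages. The following added example (not part of the original page or the kernel project) narrows the search to the splat described above: a WARNING at _regulator_put whose call trace contains regulator_resolve_supply. The helper name scan_regulator_splat and both sample logs are constructed for illustration.

```bash
#!/usr/bin/env bash
# scan_regulator_splat (hypothetical helper): reads kernel log text on stdin,
# prints one MATCH line per WARNING at _regulator_put whose call trace also
# contains regulator_resolve_supply. Returns 0 if any splat matched, else 1.
# Real use: dmesg | scan_regulator_splat   or   journalctl -k | scan_regulator_splat
scan_regulator_splat() {
    awk '
        # Each WARNING header opens a new splat; track it only if it fired
        # inside _regulator_put.
        /WARNING:/ {
            in_splat = ($0 ~ /_regulator_put\+0x/)
            header = $0
            reported = 0
            next
        }
        # The end-of-trace marker closes the current splat.
        /---\[ end trace/ { in_splat = 0; next }
        # Inside a tracked splat, the error-path caller confirms the signature.
        in_splat && !reported && /regulator_resolve_supply/ {
            print "MATCH: " header
            reported = 1
            found++
        }
        END { exit (found > 0 ? 0 : 1) }
    '
}

# Constructed sample: header follows the pattern quoted above; CPU, PID,
# timestamps and the caller offsets are made-up values.
SAMPLE_SPLAT='[   12.101] WARNING: drivers/regulator/core.c:2649 at _regulator_put+0x80/0xa0, CPU#2: kworker/u32:4/101
[   12.102] Call trace:
[   12.103]  _regulator_put+0x80/0xa0 (P)
[   12.104]  regulator_resolve_supply+0x1f0/0x2a0
[   12.105]  regulator_register_resolve_supply+0x24/0x40
[   12.106] ---[ end trace 0000000000000000 ]---'

# Constructed sample: routine regulator messages that "grep -i regulator"
# would print but that are not the lockdep splat.
SAMPLE_BENIGN='[    1.200] regulator-dummy: no parameters
[    1.350] vdd-core: supplied by regulator-dummy
[    3.900] WARNING: CPU: 0 PID: 1 at kernel/sched/core.c:100 example_fn+0x10/0x20'

printf '%s\n' "$SAMPLE_SPLAT" | scan_regulator_splat
```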
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation involves updating the Linux kernel to a version where the fix for this vulnerability is applied.
The fix includes switching from using _regulator_put() to regulator_put() in the regulator_resolve_supply() error path and adding appropriate locking to prevent concurrent access issues.
Until the kernel is updated, monitoring for lockdep warnings and avoiding operations that trigger late enabling of supply regulators may reduce exposure.