AZL-64863

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64863.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-64863

Upstream

CVE-2025-38259

Published

2025-07-09T11:15:28Z

Modified

2026-04-21T04:32:35.360185Z

Summary

CVE-2025-38259 affecting package kernel for versions less than 6.6.96.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

ASoC: codecs: wcd9335: Fix missing free of regulator supplies

Driver gets and enables all regulator supplies in probe path (wcd9335parsedt() and wcd9335poweron_reset()), but does not cleanup in final error paths and in unbind (missing remove() callback). This leads to leaked memory and unbalanced regulator enable count during probe errors or unbind.

Fix this by converting entire code into devmregulatorbulkgetenable() which also greatly simplifies the code.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-38259

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.96.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64863.json"