CVE-2025-22009

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-22009
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-22009.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-22009
Downstream
Related
Published
2025-04-08T08:17:59Z
Modified
2025-10-22T10:07:09.012112Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
regulator: dummy: force synchronous probing
Details

In the Linux kernel, the following vulnerability has been resolved:

regulator: dummy: force synchronous probing

Sometimes I get a NULL pointer dereference at boot time in kobject_get() with the following call stack:

anatopregulatorprobe() devmregulatorregister() regulatorregister() regulatorresolvesupply() kobjectget()

By placing some extra BUGON() statements I could verify that this is raised because probing of the 'dummy' regulator driver is not completed ('dummyregulator_rdev' is still NULL).

In the JTAG debugger I can see that dummyregulatorprobe() and anatopregulatorprobe() can be run by different kernel threads (kworker/u4:*). I haven't further investigated whether this can be changed or if there are other possibilities to force synchronization between these two probe routines. On the other hand I don't expect much boot time penalty by probing the 'dummy' regulator synchronously.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
259b93b21a9ffe5117af4dfb5505437e463c6a5a
Fixed
e26f24ca4fb940b15e092796c5993142a2558bd9
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
259b93b21a9ffe5117af4dfb5505437e463c6a5a
Fixed
d3b83a1442a09b145006eb4294b1a963c5345c9c
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
259b93b21a9ffe5117af4dfb5505437e463c6a5a
Fixed
5ade367b56c3947c990598df92395ce737bee872
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
259b93b21a9ffe5117af4dfb5505437e463c6a5a
Fixed
8619909b38eeebd3e60910158d7d68441fc954e9

Affected versions

v6.*

v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.3
v6.12.4
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.13.1
v6.13.2
v6.13.3
v6.13.4
v6.13.5
v6.13.6
v6.13.7
v6.13.8
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.3
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.48
v6.6.49
v6.6.5
v6.6.50
v6.6.51
v6.6.52
v6.6.53
v6.6.54
v6.6.55
v6.6.56
v6.6.57
v6.6.58
v6.6.59
v6.6.6
v6.6.60
v6.6.61
v6.6.62
v6.6.63
v6.6.64
v6.6.65
v6.6.66
v6.6.67
v6.6.68
v6.6.69
v6.6.7
v6.6.70
v6.6.71
v6.6.72
v6.6.73
v6.6.74
v6.6.75
v6.6.76
v6.6.77
v6.6.78
v6.6.79
v6.6.8
v6.6.80
v6.6.81
v6.6.82
v6.6.83
v6.6.84
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific

vanir_signatures

[
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e26f24ca4fb940b15e092796c5993142a2558bd9",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "drivers/regulator/dummy.c"
        },
        "id": "CVE-2025-22009-1b311ec0",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "301584935002387986773386687860895944878",
                "93260593213811702981714630204085543628",
                "242446072900523908345479995998469575706",
                "322797384498274434082216678081484923012"
            ]
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d3b83a1442a09b145006eb4294b1a963c5345c9c",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "drivers/regulator/dummy.c"
        },
        "id": "CVE-2025-22009-33415f59",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "301584935002387986773386687860895944878",
                "93260593213811702981714630204085543628",
                "242446072900523908345479995998469575706",
                "322797384498274434082216678081484923012"
            ]
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5ade367b56c3947c990598df92395ce737bee872",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "drivers/regulator/dummy.c"
        },
        "id": "CVE-2025-22009-487430c7",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "301584935002387986773386687860895944878",
                "93260593213811702981714630204085543628",
                "242446072900523908345479995998469575706",
                "322797384498274434082216678081484923012"
            ]
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8619909b38eeebd3e60910158d7d68441fc954e9",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "drivers/regulator/dummy.c"
        },
        "id": "CVE-2025-22009-61e1d38c",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "301584935002387986773386687860895944878",
                "93260593213811702981714630204085543628",
                "242446072900523908345479995998469575706",
                "322797384498274434082216678081484923012"
            ]
        }
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.4.0
Fixed
6.6.85
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.21
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.13.9