In the Linux kernel, the following vulnerability has been resolved:
regulator: core: fix locking in regulatorresolvesupply() error path
If late enabling of a supply regulator fails in regulatorresolvesupply(), the code currently triggers a lockdep warning:
WARNING: drivers/regulator/core.c:2649 at _regulator_put+0x80/0xa0, CPU#6: kworker/u32:4/596
...
Call trace:
_regulator_put+0x80/0xa0 (P)
regulator_resolve_supply+0x7cc/0xbe0
regulator_register_resolve_supply+0x28/0xb8
as the regulatorlistmutex must be held when calling regulatorput().
To solve this, simply switch to using regulator_put().
While at it, we should also make sure that no concurrent access happens to our rdev while we clear out the supply pointer. Add appropriate locking to ensure that.
While the code in question will be removed altogether in a follow-up commit, I believe it is still beneficial to have this corrected before removal for future reference.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46252.json",
"cna_assigner": "Linux"
}