CVE - CVE-2025-38027

CVE-ID
CVE-2025-38027	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: regulator: max20086: fix invalid memory access max20086_parse_regulators_dt() calls of_regulator_match() using an array of struct of_regulator_match allocated on the stack for the matches argument. of_regulator_match() calls devm_of_regulator_put_matches(), which calls devres_alloc() to allocate a struct devm_of_regulator_matches which will be de-allocated using devm_of_regulator_put_matches(). struct devm_of_regulator_matches is populated with the stack allocated matches array. If the device fails to probe, devm_of_regulator_put_matches() will be called and will try to call of_node_put() on that stack pointer, generating the following dmesg entries: max20086 6-0028: Failed to read DEVICE_ID reg: -121 kobject: '\xc0$\xa5\x03' (000000002cebcb7a): is not initialized, yet kobject_put() is being called. Followed by a stack trace matching the call flow described above. Switch to allocating the matches array using devm_kcalloc() to avoid accessing the stack pointer long after it's out of scope. This also has the advantage of allowing multiple max20086 to probe without overriding the data stored inside the global of_regulator_match.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/5578ab04bd7732f470fc614bbc0a924900399fb8 URL:https://git.kernel.org/stable/c/5578ab04bd7732f470fc614bbc0a924900399fb8 MISC:https://git.kernel.org/stable/c/6b0cd72757c69bc2d45da42b41023e288d02e772 URL:https://git.kernel.org/stable/c/6b0cd72757c69bc2d45da42b41023e288d02e772 MISC:https://git.kernel.org/stable/c/6ba30f7aa2c550b2ac04f16b81a19a8c045b8660 URL:https://git.kernel.org/stable/c/6ba30f7aa2c550b2ac04f16b81a19a8c045b8660 MISC:https://git.kernel.org/stable/c/7bddac8603d4e396872c2fbf4403ec08e7b1d7c8 URL:https://git.kernel.org/stable/c/7bddac8603d4e396872c2fbf4403ec08e7b1d7c8 MISC:https://git.kernel.org/stable/c/d2a9a92bb4cc7568cff68241b0051dc7268bdc68 URL:https://git.kernel.org/stable/c/d2a9a92bb4cc7568cff68241b0051dc7268bdc68
Assigning CNA
kernel.org
Date Record Created
20250416	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20250416)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)