Executive Summary

Informations
Name CVE-2025-22009 First vendor Publication 2025-04-08
Vendor Cve Last vendor Modification 2025-04-10

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score 5.5
Base Score 5.5 Environmental Score 5.5
impact SubScore 3.6 Temporal Score 5.5
Exploitabality Sub Score 1.8
 
Attack Vector Local Attack Complexity Low
Privileges Required Low User Interaction None
Scope Unchanged Confidentiality Impact None
Integrity Impact None Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

In the Linux kernel, the following vulnerability has been resolved:

regulator: dummy: force synchronous probing

Sometimes I get a NULL pointer dereference at boot time in kobject_get() with the following call stack:

anatop_regulator_probe()
devm_regulator_register()
regulator_register()
regulator_resolve_supply()
kobject_get()

By placing some extra BUG_ON() statements I could verify that this is raised because probing of the 'dummy' regulator driver is not completed ('dummy_regulator_rdev' is still NULL).

In the JTAG debugger I can see that dummy_regulator_probe() and anatop_regulator_probe() can be run by different kernel threads (kworker/u4:*). I haven't further investigated whether this can be changed or if there are other possibilities to force synchronization between these two probe routines. On the other hand I don't expect much boot time penalty by probing the 'dummy' regulator synchronously.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22009

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-476 NULL Pointer Dereference

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 8
Os 3718

Sources (Detail)

https://git.kernel.org/stable/c/5ade367b56c3947c990598df92395ce737bee872
https://git.kernel.org/stable/c/8619909b38eeebd3e60910158d7d68441fc954e9
https://git.kernel.org/stable/c/d3b83a1442a09b145006eb4294b1a963c5345c9c
https://git.kernel.org/stable/c/e26f24ca4fb940b15e092796c5993142a2558bd9
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2025-06-26 02:41:17
  • Multiple Updates
2025-06-25 12:38:22
  • Multiple Updates
2025-06-24 02:45:43
  • Multiple Updates
2025-05-27 02:54:30
  • First insertion