Unrated severityNVD Advisory· Published Jun 3, 2026

CVE-2026-46252

Description

Linux kernel regulator subsystem has a locking issue in regulator_resolve_supply() that can trigger a lockdep warning.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Linux kernel regulator subsystem has a locking issue in regulator_resolve_supply() that can trigger a lockdep warning.

Vulnerability

The Linux kernel's regulator subsystem has a locking issue within the regulator_resolve_supply() function's error path. Specifically, when late enabling of a supply regulator fails, the code incorrectly calls _regulator_put() without holding the regulator_list_mutex, leading to a lockdep warning. This vulnerability affects versions of the kernel where this specific code path exists.

Exploitation

Exploitation requires triggering the error path within regulator_resolve_supply(), which occurs when a supply regulator's late enabling fails. The vulnerability manifests as a lockdep warning, indicating a potential race condition or incorrect locking. An attacker would need to find a way to induce this specific failure scenario within the kernel's regulator framework, likely through complex driver interactions or specific hardware configurations.

Impact

The primary impact of this vulnerability is a lockdep warning, which signals a potential kernel locking violation. While not directly leading to code execution or data corruption, such warnings can indicate underlying race conditions that might be exploitable under specific circumstances to cause system instability or denial of service. The lockdep warning itself indicates a violation of the kernel's locking rules.

Mitigation

This issue has been resolved by switching the call from _regulator_put() to regulator_put() and adding appropriate locking to prevent concurrent access to the regulator device (rdev) while clearing the supply pointer. The fix is available in the Linux kernel. Specific patched versions are not detailed in the provided references, but the fix is present in the kernel's stable git repository [1].

References

Making sure you're not a bot!

AI Insight generated on Jun 3, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Linux/Kernelllm-fuzzy

Patches

497330b203d2

regulator: core: fix locking in regulator_resolve_supply() error path

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitAndré DraszikFixed in 7.0via kernel-cna

commit

1 file changed · +9 −2

drivers/regulator/core.c+9 −2 modified

diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c
index a723bd00e1716..48c091de68d81 100644
--- a/drivers/regulator/core.c
+++ b/drivers/regulator/core.c
@@ -2285,8 +2285,16 @@ static int regulator_resolve_supply(struct regulator_dev *rdev)
 	if (rdev->use_count) {
 		ret = regulator_enable(rdev->supply);
 		if (ret < 0) {
-			_regulator_put(rdev->supply);
+			struct regulator *supply;
+
+			regulator_lock_two(rdev, rdev->supply->rdev, &ww_ctx);
+
+			supply = rdev->supply;
 			rdev->supply = NULL;
+
+			regulator_unlock_two(rdev, supply->rdev, &ww_ctx);
+
+			regulator_put(supply);
 			goto out;
 		}
 	}
-- 
cgit 1.3-korg

c66e0db0f372

regulator: core: fix locking in regulator_resolve_supply() error path

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitAndré DraszikFixed in 6.19.4via kernel-cna

commit

1 file changed · +9 −2

drivers/regulator/core.c+9 −2 modified

diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c
index 4b6182cde859a..b2dcd1acd0ece 100644
--- a/drivers/regulator/core.c
+++ b/drivers/regulator/core.c
@@ -2285,8 +2285,16 @@ static int regulator_resolve_supply(struct regulator_dev *rdev)
 	if (rdev->use_count) {
 		ret = regulator_enable(rdev->supply);
 		if (ret < 0) {
-			_regulator_put(rdev->supply);
+			struct regulator *supply;
+
+			regulator_lock_two(rdev, rdev->supply->rdev, &ww_ctx);
+
+			supply = rdev->supply;
 			rdev->supply = NULL;
+
+			regulator_unlock_two(rdev, supply->rdev, &ww_ctx);
+
+			regulator_put(supply);
 			goto out;
 		}
 	}
-- 
cgit 1.3-korg

497330b203d2

regulator: core: fix locking in regulator_resolve_supply() error path

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.gitAndré Draszikvia nvd-ref

commit

1 file changed · +9 −2

drivers/regulator/core.c+9 −2 modified

diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c
index a723bd00e1716..48c091de68d81 100644
--- a/drivers/regulator/core.c
+++ b/drivers/regulator/core.c
@@ -2285,8 +2285,16 @@ static int regulator_resolve_supply(struct regulator_dev *rdev)
 	if (rdev->use_count) {
 		ret = regulator_enable(rdev->supply);
 		if (ret < 0) {
-			_regulator_put(rdev->supply);
+			struct regulator *supply;
+
+			regulator_lock_two(rdev, rdev->supply->rdev, &ww_ctx);
+
+			supply = rdev->supply;
 			rdev->supply = NULL;
+
+			regulator_unlock_two(rdev, supply->rdev, &ww_ctx);
+
+			regulator_put(supply);
 			goto out;
 		}
 	}
-- 
cgit 1.3-korg

c66e0db0f372

regulator: core: fix locking in regulator_resolve_supply() error path

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.gitAndré Draszikvia nvd-ref

commit

1 file changed · +9 −2

drivers/regulator/core.c+9 −2 modified

diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c
index 4b6182cde859a..b2dcd1acd0ece 100644
--- a/drivers/regulator/core.c
+++ b/drivers/regulator/core.c
@@ -2285,8 +2285,16 @@ static int regulator_resolve_supply(struct regulator_dev *rdev)
 	if (rdev->use_count) {
 		ret = regulator_enable(rdev->supply);
 		if (ret < 0) {
-			_regulator_put(rdev->supply);
+			struct regulator *supply;
+
+			regulator_lock_two(rdev, rdev->supply->rdev, &ww_ctx);
+
+			supply = rdev->supply;
 			rdev->supply = NULL;
+
+			regulator_unlock_two(rdev, supply->rdev, &ww_ctx);
+
+			regulator_put(supply);
 			goto out;
 		}
 	}
-- 
cgit 1.3-korg

Vulnerability mechanics

Root cause

"The regulator_resolve_supply function incorrectly calls _regulator_put without holding the necessary regulator_list_mutex."

Attack vector

This vulnerability is triggered when the late enabling of a supply regulator fails within the regulator_resolve_supply function. The failure occurs during the process of enabling a regulator that is a supply for another. This path leads to a lockdep warning because the internal function _regulator_put is called without the required regulator_list_mutex being held.

Affected code

The vulnerability exists in the `regulator_resolve_supply` function within the `drivers/regulator/core.c` file. Specifically, the error path where `regulator_enable(rdev->supply)` returns an error is affected. The patch modifies lines around `_regulator_put(rdev->supply)` to use `regulator_put()` and adds locking mechanisms [patch_id=4686699].

What the fix does

The patch modifies the error handling path in regulator_resolve_supply. Instead of calling the internal _regulator_put function, it now calls the public regulator_put function. Additionally, it introduces locking using regulator_lock_two and regulator_unlock_two to prevent concurrent access to the regulator device while the supply pointer is being cleared. This ensures the regulator_list_mutex is correctly managed, resolving the lockdep warning [patch_id=4686699].

Generated on Jun 3, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

News mentions

Linux Kernel: 25 Vulnerabilities Disclosed in Single Batch on June 3, 2026
Vypr Intelligence · Jun 3, 2026

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000