Skip to main content

Linux Kernel CVE-2026-46252

| EUVDEUVD-2026-34114 MEDIUM
Improper Locking (CWE-667)
2026-06-03 Linux GHSA-w447-hxj8-xq6p
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 09, 2026 - 20:58 vuln.today
CVSS changed
Jun 09, 2026 - 20:52 NVD
5.5 (MEDIUM)
Patch available
Jun 03, 2026 - 19:01 EUVD
CVE Published
Jun 03, 2026 - 15:49 nvd
MEDIUM 5.5
CVE Published
Jun 03, 2026 - 15:49 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

regulator: core: fix locking in regulator_resolve_supply() error path

If late enabling of a supply regulator fails in regulator_resolve_supply(), the code currently triggers a lockdep warning:

WARNING: drivers/regulator/core.c:2649 at _regulator_put+0x80/0xa0, CPU#6: kworker/u32:4/596 ... Call trace: _regulator_put+0x80/0xa0 (P) regulator_resolve_supply+0x7cc/0xbe0 regulator_register_resolve_supply+0x28/0xb8

as the regulator_list_mutex must be held when calling _regulator_put().

To solve this, simply switch to using regulator_put().

While at it, we should also make sure that no concurrent access happens to our rdev while we clear out the supply pointer. Add appropriate locking to ensure that.

While the code in question will be removed altogether in a follow-up commit, I believe it is still beneficial to have this corrected before removal for future reference.

AnalysisAI

Improper locking in the Linux kernel regulator subsystem's regulator_resolve_supply() error path allows a local low-privileged attacker to trigger a kernel crash or denial of service. The error path invokes _regulator_put() without holding the required regulator_list_mutex, producing a lockdep warning and exposing an unguarded concurrent access window when clearing the rdev supply pointer. No public exploit has been identified at time of analysis, and with an EPSS of 0.02% (5th percentile), real-world exploitation probability is very low.

Technical ContextAI

The vulnerability resides in drivers/regulator/core.c at line 2649 within the Linux kernel's voltage/current regulator framework, which manages power supply dependencies during driver registration. Classified as CWE-667 (Improper Locking), the root cause is a missing lock acquisition before calling the internal _regulator_put() function in an error path: that function's contract requires regulator_list_mutex to be held by the caller, but the error path in regulator_resolve_supply() violates this invariant. A secondary race condition exists because the supply pointer on the rdev struct is cleared without appropriate locking, creating a window for concurrent access. The fix, introduced via upstream commits c66e0db0f37290b53c57994f998bb55590364fd0 and 497330b203d2c59c5ff3fa4c34d14494d7203bc3, replaces the internal _regulator_put() call with the public regulator_put() (which manages its own locking) and adds explicit locking around the supply pointer clearing. CPE data confirms the affected product as cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*.

RemediationAI

Vendor-released patches are available: upgrade to Linux kernel 6.19.4 (stable series) or Linux 7.0 (mainline). The specific fix commits are c66e0db0f37290b53c57994f998bb55590364fd0 (mainline) and 497330b203d2c59c5ff3fa4c34d14494d7203bc3 (stable), both accessible via https://git.kernel.org/stable/. Distribution maintainers (RHEL, Debian, Ubuntu, SUSE) should be tracked independently for backported stable patches, as kernel.org commits may not map directly to downstream package versions. If patching is not immediately feasible, restricting unprivileged local user access to the affected system reduces exposure, since AV:L/PR:L requires an interactive or scripted local session. There are no known protocol-level or configuration-based workarounds that disable the vulnerable regulator code path without broad functional impact to hardware drivers depending on the regulator framework.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Not-Affected

Share

CVE-2026-46252 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy