{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-38027","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:23.978Z","datePublished":"2025-06-18T09:28:32.546Z","dateUpdated":"2026-05-11T21:19:52.816Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:19:52.816Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: max20086: fix invalid memory access\n\nmax20086_parse_regulators_dt() calls of_regulator_match() using an\narray of struct of_regulator_match allocated on the stack for the\nmatches argument.\n\nof_regulator_match() calls devm_of_regulator_put_matches(), which calls\ndevres_alloc() to allocate a struct devm_of_regulator_matches which will\nbe de-allocated using devm_of_regulator_put_matches().\n\nstruct devm_of_regulator_matches is populated with the stack allocated\nmatches array.\n\nIf the device fails to probe, devm_of_regulator_put_matches() will be\ncalled and will try to call of_node_put() on that stack pointer,\ngenerating the following dmesg entries:\n\nmax20086 6-0028: Failed to read DEVICE_ID reg: -121\nkobject: '\\xc0$\\xa5\\x03' (000000002cebcb7a): is not initialized, yet\nkobject_put() is being called.\n\nFollowed by a stack trace matching the call flow described above.\n\nSwitch to allocating the matches array using devm_kcalloc() to\navoid accessing the stack pointer long after it's out of scope.\n\nThis also has the advantage of allowing multiple max20086 to probe\nwithout overriding the data stored inside the global of_regulator_match."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/regulator/max20086-regulator.c"],"versions":[{"version":"bfff546aae50ae68ed395bf0e0848188d27b0ba3","lessThan":"6ba30f7aa2c550b2ac04f16b81a19a8c045b8660","status":"affected","versionType":"git"},{"version":"bfff546aae50ae68ed395bf0e0848188d27b0ba3","lessThan":"7bddac8603d4e396872c2fbf4403ec08e7b1d7c8","status":"affected","versionType":"git"},{"version":"bfff546aae50ae68ed395bf0e0848188d27b0ba3","lessThan":"d2a9a92bb4cc7568cff68241b0051dc7268bdc68","status":"affected","versionType":"git"},{"version":"bfff546aae50ae68ed395bf0e0848188d27b0ba3","lessThan":"5578ab04bd7732f470fc614bbc0a924900399fb8","status":"affected","versionType":"git"},{"version":"bfff546aae50ae68ed395bf0e0848188d27b0ba3","lessThan":"6b0cd72757c69bc2d45da42b41023e288d02e772","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/regulator/max20086-regulator.c"],"versions":[{"version":"5.17","status":"affected"},{"version":"0","lessThan":"5.17","status":"unaffected","versionType":"semver"},{"version":"6.1.140","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.92","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.30","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.14.8","lessThanOrEqual":"6.14.*","status":"unaffected","versionType":"semver"},{"version":"6.15","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"6.1.140"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"6.6.92"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"6.12.30"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"6.14.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"6.15"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/6ba30f7aa2c550b2ac04f16b81a19a8c045b8660"},{"url":"https://git.kernel.org/stable/c/7bddac8603d4e396872c2fbf4403ec08e7b1d7c8"},{"url":"https://git.kernel.org/stable/c/d2a9a92bb4cc7568cff68241b0051dc7268bdc68"},{"url":"https://git.kernel.org/stable/c/5578ab04bd7732f470fc614bbc0a924900399fb8"},{"url":"https://git.kernel.org/stable/c/6b0cd72757c69bc2d45da42b41023e288d02e772"}],"title":"regulator: max20086: fix invalid memory access","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T19:58:24.832Z"}}]}}