{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-38668","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:24.031Z","datePublished":"2025-08-22T16:02:59.680Z","dateUpdated":"2026-05-11T21:32:40.117Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:32:40.117Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: core: fix NULL dereference on unbind due to stale coupling data\n\nFailing to reset coupling_desc.n_coupled after freeing coupled_rdevs can\nlead to NULL pointer dereference when regulators are accessed post-unbind.\n\nThis can happen during runtime PM or other regulator operations that rely\non coupling metadata.\n\nFor example, on ridesx4, unbinding the 'reg-dummy' platform device triggers\na panic in regulator_lock_recursive() due to stale coupling state.\n\nEnsure n_coupled is set to 0 to prevent access to invalid pointers."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/regulator/core.c"],"versions":[{"version":"d8ca7d184b33af7913c244900df77c6cad6a5590","lessThan":"7574892e259bbb16262ebfb4b65a2054a5e03a49","status":"affected","versionType":"git"},{"version":"d8ca7d184b33af7913c244900df77c6cad6a5590","lessThan":"6c49eac796681e250e34156bafb643930310bd4a","status":"affected","versionType":"git"},{"version":"d8ca7d184b33af7913c244900df77c6cad6a5590","lessThan":"ca9bef9ba1a6be640c87bf802d2e9e696021576a","status":"affected","versionType":"git"},{"version":"d8ca7d184b33af7913c244900df77c6cad6a5590","lessThan":"800a2cfb2df7f96b3fb48910fc595e0215f6b019","status":"affected","versionType":"git"},{"version":"d8ca7d184b33af7913c244900df77c6cad6a5590","lessThan":"233d3c54c9620e95193923859ea1d0b0f5d748ca","status":"affected","versionType":"git"},{"version":"d8ca7d184b33af7913c244900df77c6cad6a5590","lessThan":"5d4261dbb3335221fd9c6e69f909ba79ee6663a7","status":"affected","versionType":"git"},{"version":"d8ca7d184b33af7913c244900df77c6cad6a5590","lessThan":"d7e59c5fd7a0f5e16e75a30a89ea2c4ab88612b8","status":"affected","versionType":"git"},{"version":"d8ca7d184b33af7913c244900df77c6cad6a5590","lessThan":"ca46946a482238b0cdea459fb82fc837fb36260e","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/regulator/core.c"],"versions":[{"version":"5.3","status":"affected"},{"version":"0","lessThan":"5.3","status":"unaffected","versionType":"semver"},{"version":"5.4.297","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.241","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.190","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.148","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.101","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.41","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.15.9","lessThanOrEqual":"6.15.*","status":"unaffected","versionType":"semver"},{"version":"6.16","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"5.4.297"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"5.10.241"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"5.15.190"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"6.1.148"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"6.6.101"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"6.12.41"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"6.15.9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"6.16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/7574892e259bbb16262ebfb4b65a2054a5e03a49"},{"url":"https://git.kernel.org/stable/c/6c49eac796681e250e34156bafb643930310bd4a"},{"url":"https://git.kernel.org/stable/c/ca9bef9ba1a6be640c87bf802d2e9e696021576a"},{"url":"https://git.kernel.org/stable/c/800a2cfb2df7f96b3fb48910fc595e0215f6b019"},{"url":"https://git.kernel.org/stable/c/233d3c54c9620e95193923859ea1d0b0f5d748ca"},{"url":"https://git.kernel.org/stable/c/5d4261dbb3335221fd9c6e69f909ba79ee6663a7"},{"url":"https://git.kernel.org/stable/c/d7e59c5fd7a0f5e16e75a30a89ea2c4ab88612b8"},{"url":"https://git.kernel.org/stable/c/ca46946a482238b0cdea459fb82fc837fb36260e"}],"title":"regulator: core: fix NULL dereference on unbind due to stale coupling data","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T17:40:55.085Z"}}]}}