CVE-2025-38259

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd9335: Fix missing free of regulator supplies Driver gets and enables all regulator supplies in probe path (wcd9335_parse_dt() and wcd9335_power_on_reset()), but does not cleanup in final error paths and in unbind (missing remove() callback). This leads to leaked memory and unbalanced regulator enable count during probe errors or unbind. Fix this by converting entire code into devm_regulator_bulk_get_enable() which also greatly simplifies the code.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/9079db287fc3e38e040b0edeb0a25770bb679c8e	Patch
https://git.kernel.org/stable/c/9830ef1803a5bc50b4a984a06cf23142cd46229d	Patch
https://git.kernel.org/stable/c/a8795f3cd289cd958f6396a1b43ba46fa8e22a2e	Patch
https://git.kernel.org/stable/c/b86280aaa23c1c0f31bcaa600d35ddc45bc38b7a	Patch
https://git.kernel.org/stable/c/edadaf4239c14dc8a19ea7f60b97d5524d93c29b	Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html	Third Party Advisory Mailing List

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-07-09 11:15

Updated : 2025-12-18 17:03

NVD link : CVE-2025-38259

Mitre link : CVE-2025-38259

CVE.ORG link : CVE-2025-38259

JSON object : View

Products Affected

debian

debian_linux

linux

linux_kernel

CWE

CWE-416

Use After Free

{"id": "CVE-2025-38259", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-07-09T11:15:28.227", "references": [{"url": "https://git.kernel.org/stable/c/9079db287fc3e38e040b0edeb0a25770bb679c8e", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9830ef1803a5bc50b4a984a06cf23142cd46229d", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/a8795f3cd289cd958f6396a1b43ba46fa8e22a2e", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b86280aaa23c1c0f31bcaa600d35ddc45bc38b7a", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/edadaf4239c14dc8a19ea7f60b97d5524d93c29b", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "tags": ["Third Party Advisory", "Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: wcd9335: Fix missing free of regulator supplies\n\nDriver gets and enables all regulator supplies in probe path\n(wcd9335_parse_dt() and wcd9335_power_on_reset()), but does not cleanup\nin final error paths and in unbind (missing remove() callback). This\nleads to leaked memory and unbalanced regulator enable count during\nprobe errors or unbind.\n\nFix this by converting entire code into devm_regulator_bulk_get_enable()\nwhich also greatly simplifies the code."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: c\u00f3decs: wcd9335: Se corrige la falta de liberaci\u00f3n de suministros del regulador. El controlador obtiene y habilita todos los suministros del regulador en la ruta de sondeo (wcd9335_parse_dt() y wcd9335_power_on_reset()), pero no realiza la limpieza en las rutas de error finales ni en la desvinculaci\u00f3n (falta la devoluci\u00f3n de llamada remove()). Esto provoca fugas de memoria y un recuento desequilibrado de habilitaciones del regulador durante los errores de sondeo o la desvinculaci\u00f3n. Para solucionar esto, convierta todo el c\u00f3digo a devm_regulator_bulk_get_enable(), lo que tambi\u00e9n simplifica considerablemente el c\u00f3digo."}], "lastModified": "2025-12-18T17:03:11.730", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACA46B20-3C5B-48CE-A8E6-DB10DBCE6942", "versionEndExcluding": "6.1.143", "versionStartIncluding": "5.1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AB3EB1A-48DE-47F4-9202-D0C58A0F6060", "versionEndExcluding": "6.6.96", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BD88DEC-018F-4F40-8E29-A2CA89813EBA", "versionEndExcluding": "6.12.36", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CC768E2-3BBC-4A6E-9C2F-ECB27A703C2D", "versionEndExcluding": "6.15.5", "versionStartIncluding": "6.13"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}