How CVE-2025-22009 Works:
This vulnerability occurs in the Linux kernel’s regulator subsystem, specifically involving the ‘dummy’ regulator driver. During system boot, a race condition can occur between the dummy_regulator_probe() and anatop_regulator_probe() functions when executed by different kernel threads (kworker/u4:). The asynchronous probing leads to a NULL pointer dereference in kobject_get() when regulator_resolve_supply() attempts to access the uninitialized ‘dummy_regulator_rdev’. The issue stems from improper synchronization between regulator probe routines, where dependent regulators may attempt to resolve supplies before the dummy regulator completes initialization.
DailyCVE Form:
Platform: Linux Kernel
Version: Pre-5.15.120
Vulnerability: Race Condition
Severity: Medium
Date: 04/10/2025
What Undercode Says:
Exploitation:
1. Trigger parallel regulator probe
2. Force early supply resolution
3. Crash via NULL dereference
// Crash trigger concept
while (1) {
    request_module("dummy-regulator");
    request_module("anatop-regulator");
}
Protection:
1. Apply kernel patch
2. Use synchronous probing
3. Update to fixed version
# Check if vulnerable
grep "dummy_regulator_probe" /proc/kallsyms
dmesg | grep "regulator_resolve_supply"
Patch Analysis:
- module_init(dummy_regulator_init); + module_init_sync(dummy_regulator_init);
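Review bot: module_init_sync() on the added line is not defined or declared anywhere in this hunk, and the hunk carries no file header or @@ context, so a reader cannot tell which file it applies to or where the macro comes from. Suggest including the definition (or the header that provides it) in the same patch, plus a short comment beside the init line stating that the dummy regulator must finish initializing before dependent regulators resolve their supplies.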
Debug Commands:
# Monitor regulator probes
trace-cmd record -e regulator_probe -e regulator_resolve_supply
Kconfig Fix:
CONFIG_REGULATOR_DUMMY=y
CONFIG_REGULATOR_DUMMY_SYNC=y
Runtime Check:
if (!dummy_regulator_rdev) { msleep(100); }
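The probe-ordering problem described above, as an added userspace C model (not kernel code and not from the original page): a consumer that finds dummy_regulator_rdev unset returns -EPROBE_DEFER, the kernel's standard "dependency not ready" errno, and is retried after the dummy probe has run. The names struct rdev, dummy_probe, consumer_probe and run_probes are hypothetical stand-ins, and the probe order is constructed to replay the case where the consumer runs first.

```c
#include <stdio.h>
#define EPROBE_DEFER 517                    /* kernel errno: dependency not ready, retry */
struct rdev { int refs; };                  /* hypothetical stand-in for struct regulator_dev */
static struct rdev dummy_storage;
static struct rdev *dummy_regulator_rdev;   /* NULL until the dummy probe has run */
typedef int (*probe_fn)(void);
/* Models dummy_regulator_probe(): publishes the shared pointer. */
static int dummy_probe(void)
{
    dummy_storage.refs = 1;
    dummy_regulator_rdev = &dummy_storage;
    return 0;
}

/* Models a consumer probe (such as anatop) resolving its supply. */
static int consumer_probe(void)
{
    if (!dummy_regulator_rdev)              /* without this check, refs++ hits NULL */
        return -EPROBE_DEFER;
    dummy_regulator_rdev->refs++;
    return 0;
}

/* Minimal deferred-probe loop: re-queue probes that return -EPROBE_DEFER.
 * Returns the number of deferrals, or -1 if a pass makes no progress. */
static int run_probes(probe_fn *order, size_t n)
{
    int deferrals = 0;
    size_t pending = n;
    dummy_regulator_rdev = NULL;            /* model a fresh boot */
    while (pending) {
        size_t still = 0;
        for (size_t i = 0; i < pending; i++) {
            int ret = order[i]();
            if (ret == -EPROBE_DEFER) { order[still++] = order[i]; deferrals++; }
            else if (ret) return -1;
        }
        if (still == pending) return -1;    /* dependency never appeared */
        pending = still;
    }
    return deferrals;
}

int main(void)
{
    probe_fn racy[] = { consumer_probe, dummy_probe };  /* constructed order: consumer first */
    int deferrals = run_probes(racy, 2);
    return printf("deferrals=%d refs=%d\n", deferrals, dummy_storage.refs) < 0;
}
```

Unlike a fixed sleep, the deferral path makes no assumption about how long the dummy probe takes, and a dependency that never appears is reported as an error rather than dereferenced.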
References:
Reported By: https://nvd.nist.gov/vuln/detail/CVE-2025-22009
Extra Source Hub:
Undercode