Use-After-Free Vulnerability in Linux Kernel's Regulator Core
CVE-2022-50616
What is CVE-2022-50616?
A use-after-free vulnerability has been identified in the Linux kernel's regulator core, in the way it handles resource allocation and device tree (DT) lookup. The issue arises from improper handling of initialization data: a parent device can release resources while the regulator core continues to operate on them. The regulator may then attempt to access freed memory regions, which can lead to instability and exploitation risks. A patch addresses this by allowing the 'regulator_register' API to use different devices for resource allocation and for DT lookup, thereby mitigating the risk associated with this vulnerability.
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 8f3cbcd6b440032ebc7f7d48a1689dcc70a4eb98