NULL Pointer Dereference in Linux Kernel Regulator Component
CVE-2025-38668

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 22 August 2025

What is CVE-2025-38668?

A vulnerability in the Linux kernel's regulator component can cause a NULL pointer dereference due to unhandled coupling metadata. This occurs when the coupling_desc.n_coupled is not reset post-unbind, leading to potential system panics during operations that involve regulators. For instance, in scenarios involving runtime power management, a failure to manage the coupling state correctly can trigger critical errors, impacting system stability and reliability. Developers and system administrators should ensure that n_coupled is properly reset to mitigate access to invalid pointers.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 800a2cfb2df7f96b3fb48910fc595e0215f6b019

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 233d3c54c9620e95193923859ea1d0b0f5d748ca

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 5d4261dbb3335221fd9c6e69f909ba79ee6663a7

References

https://git.kernel.org/stable/c/800a2cfb2df7f96b3fb48910f...

https://git.kernel.org/stable/c/233d3c54c9620e95193923859...

https://git.kernel.org/stable/c/5d4261dbb3335221fd9c6e69f...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 22, 2025
Vulnerability Reserved
Apr 16, 2025