regulator: core: fix locking in regulator_resolve_supply() error path
CVE-2026-46252

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 3 June 2026

What is CVE-2026-46252?

In the Linux kernel, the following vulnerability has been resolved:

regulator: core: fix locking in regulator_resolve_supply() error path

If late enabling of a supply regulator fails in regulator_resolve_supply(), the code currently triggers a lockdep warning:

WARNING: drivers/regulator/core.c:2649 at _regulator_put+0x80/0xa0, CPU#6: kworker/u32:4/596
...
Call trace:
 _regulator_put+0x80/0xa0 (P)
 regulator_resolve_supply+0x7cc/0xbe0
 regulator_register_resolve_supply+0x28/0xb8

as the regulator_list_mutex must be held when calling _regulator_put().

To solve this, simply switch to using regulator_put().

While at it, we should also make sure that no concurrent access happens to our rdev while we clear out the supply pointer. Add appropriate locking to ensure that.

While the code in question will be removed altogether in a follow-up commit, I believe it is still beneficial to have this corrected before removal for future reference.

Affected Version(s)

Linux 36a1f1b6ddc6d1442424e29548e790633ca39c7b

Linux 36a1f1b6ddc6d1442424e29548e790633ca39c7b < 497330b203d2c59c5ff3fa4c34d14494d7203bc3

Linux 4.2

References

https://git.kernel.org/stable/c/c66e0db0f37290b53c57994f9...

https://git.kernel.org/stable/c/497330b203d2c59c5ff3fa4c3...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 3, 2026
Vulnerability Reserved
May 13, 2026

CVE-2026-46252 Data

JSON