{
  "threat_severity" : "Moderate",
  "public_date" : "2025-08-22T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: regulator: core: fix NULL dereference on unbind due to stale coupling data",
    "id" : "2390345",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2390345"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-476",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nregulator: core: fix NULL dereference on unbind due to stale coupling data\nFailing to reset coupling_desc.n_coupled after freeing coupled_rdevs can\nlead to NULL pointer dereference when regulators are accessed post-unbind.\nThis can happen during runtime PM or other regulator operations that rely\non coupling metadata.\nFor example, on ridesx4, unbinding the 'reg-dummy' platform device triggers\na panic in regulator_lock_recursive() due to stale coupling state.\nEnsure n_coupled is set to 0 to prevent access to invalid pointers." ],
  "statement" : "This vulnerability in the regulator core occurs because stale coupling metadata is left behind after unbinding, which can cause a NULL pointer dereference when regulators are later accessed.\nThe CVSS assessment requires PR:H because only a privileged local user (e.g., root or a kernel module with equivalent rights) can unbind regulators or manipulate runtime-PM states that trigger this bug. Such operations are not available to unprivileged users, which significantly limits the attack surface.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-38668\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-38668\nhttps://lore.kernel.org/linux-cve-announce/2025082200-CVE-2025-38668-ea82@gregkh/T" ],
  "name" : "CVE-2025-38668",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}