Input validation error in Linux kernel - CVE-2025-22008
Published: April 22, 2025 / Updated: May 10, 2025
Vulnerability identifier: #VU107813
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-22008
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the regulator_resolve_supply() and _regulator_get_common() functions in drivers/regulator/core.c.
How to mitigate CVE-2025-22008
Install the update from the vendor's website.
Sources
- https://git.kernel.org/stable/c/21e3fdf3146f9c63888d6bfabbd553434a5fb93f
- https://git.kernel.org/stable/c/270fe5c090f62dfce1cad0f5053e4827a6f50df4
- https://git.kernel.org/stable/c/2c7a50bec4958f1d1c84d19cde518d0e96a676fd
- https://git.kernel.org/stable/c/3a9c46af5654783f99015727ac65bc2a23e2735a
- https://git.kernel.org/stable/c/8e500180904aae63afdce95cb378aeabe119ecda
- https://git.kernel.org/stable/c/998b1aae22dca87da392ea35f089406cbef6032d
- https://git.kernel.org/stable/c/a99f1254b11eaadd0794b74a8178bad92ab01cae
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.21