Vulnerability identifier: #VU107813
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID: CWE-20
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the regulator_resolve_supply() and _regulator_get_common() functions in drivers/regulator/core.c.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: 6.12, 6.12.1, 6.12.2, 6.12.3, 6.12.4, 6.12.5, 6.12.6, 6.12.7, 6.12.8, 6.12.9, 6.12.10, 6.12.11, 6.12.12, 6.12.13, 6.12.14, 6.12.15, 6.12.16, 6.12.17, 6.12.18, 6.12.19, 6.12.20
External links
https://git.kernel.org/stable/c/21e3fdf3146f9c63888d6bfabbd553434a5fb93f
https://git.kernel.org/stable/c/270fe5c090f62dfce1cad0f5053e4827a6f50df4
https://git.kernel.org/stable/c/2c7a50bec4958f1d1c84d19cde518d0e96a676fd
https://git.kernel.org/stable/c/3a9c46af5654783f99015727ac65bc2a23e2735a
https://git.kernel.org/stable/c/8e500180904aae63afdce95cb378aeabe119ecda
https://git.kernel.org/stable/c/998b1aae22dca87da392ea35f089406cbef6032d
https://git.kernel.org/stable/c/a99f1254b11eaadd0794b74a8178bad92ab01cae
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.21
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have valid authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.