Linux Kernel: regulator lock bug in regulator_resolve_supply (CVE-2026-46252)
CVE-2026-46252 Published on June 3, 2026
regulator: core: fix locking in regulator_resolve_supply() error path
In the Linux kernel, the following vulnerability has been resolved:
regulator: core: fix locking in regulator_resolve_supply() error path
If late enabling of a supply regulator fails in
regulator_resolve_supply(), the code currently triggers a lockdep
warning:
WARNING: drivers/regulator/core.c:2649 at _regulator_put+0x80/0xa0, CPU#6: kworker/u32:4/596
...
Call trace:
_regulator_put+0x80/0xa0 (P)
regulator_resolve_supply+0x7cc/0xbe0
regulator_register_resolve_supply+0x28/0xb8
as the regulator_list_mutex must be held when calling _regulator_put().
To solve this, simply switch to using regulator_put().
While at it, we should also make sure that no concurrent access happens
to our rdev while we clear out the supply pointer. Add appropriate
locking to ensure that.
While the code in question will be removed altogether in a follow-up
commit, I believe it is still beneficial to have this corrected before
removal for future reference.
Products Associated with CVE-2026-46252
Want to know whenever a new CVE is published for Linux Kernel? stack.watch will email you.
Affected Versions
Linux:- Version 36a1f1b6ddc6d1442424e29548e790633ca39c7b and below c66e0db0f37290b53c57994f998bb55590364fd0 is affected.
- Version 36a1f1b6ddc6d1442424e29548e790633ca39c7b and below 497330b203d2c59c5ff3fa4c34d14494d7203bc3 is affected.
- Version 4.2 is affected.
- Before 4.2 is unaffected.
- Version 6.19.4, <= 6.19.* is unaffected.
- Version 7.0, <= * is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.