CVE-2025-38259 in Linuxinfo

Summary

by MITRE • 07/09/2025

In the Linux kernel, the following vulnerability has been resolved:

ASoC: codecs: wcd9335: Fix missing free of regulator supplies

Driver gets and enables all regulator supplies in probe path (wcd9335_parse_dt() and wcd9335_power_on_reset()), but does not cleanup in final error paths and in unbind (missing remove() callback). This leads to leaked memory and unbalanced regulator enable count during probe errors or unbind.

Fix this by converting entire code into devm_regulator_bulk_get_enable() which also greatly simplifies the code.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 05/02/2026

The vulnerability described in CVE-2025-38259 represents a critical resource management flaw within the Linux kernel's audio subsystem, specifically affecting the wcd9335 codec driver used in Qualcomm audio processing units. This issue manifests as a memory leak and regulator imbalance condition that occurs during device initialization and cleanup operations. The wcd9335 codec driver is responsible for managing audio hardware components in various mobile and embedded devices, making this vulnerability particularly concerning for automotive, IoT, and mobile computing environments where audio functionality is integral to system operation.

The technical root cause of this vulnerability lies in improper resource cleanup within the driver's probe and remove functions. During the device probe sequence, the driver executes wcd9335_parse_dt() and wcd9335_power_on_reset() functions that acquire and enable all required regulator supplies. However, the driver fails to implement proper cleanup mechanisms in error paths and during device unbinding operations. This creates a scenario where regulator references remain active while the driver attempts to release resources, leading to unbalanced enable counts and potential memory leaks. The regulator subsystem in Linux maintains reference counts for power supplies, and when these counts become unbalanced, it can result in system instability or power management failures.

The operational impact of this vulnerability extends beyond simple memory consumption issues, as it can lead to system-wide regulator management problems that affect device power consumption and stability. When regulator enable counts become unbalanced, the kernel's power management subsystem may fail to properly control power delivery to audio components, potentially causing unexpected device behavior or complete system lockups. This vulnerability particularly affects systems using the wcd9335 codec in mobile devices, tablets, and embedded systems where audio hardware integration is critical for user experience and device functionality.

The fix implemented for this vulnerability addresses the core issue by converting the entire regulator management code to use devm_regulator_bulk_get_enable() function calls. This approach leverages the kernel's device management framework to automatically handle resource cleanup during driver unloading and error conditions. The devm_regulator_bulk_get_enable() function provides automatic cleanup through the device management subsystem, ensuring that all regulator supplies are properly released when the device is removed or when errors occur during initialization. This solution not only resolves the immediate memory leak and regulator imbalance issues but also significantly simplifies the driver code structure, reducing the potential for similar issues in the future. The fix aligns with best practices for kernel driver development and addresses CWE-404, which covers improper resource release or unbalanced resource management, and follows ATT&CK technique T1547.001 for privilege escalation through kernel vulnerabilities that affect system stability and resource management.

Responsible

Linux

Reservation

04/16/2025

Disclosure

07/09/2025

Moderation

accepted

CPE

ready

EPSS

0.00144

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!