GHSA-WR64-83W3-WR39
Vulnerability from github – Published: 2025-12-24 15:30 – Updated: 2025-12-24 15:30In the Linux kernel, the following vulnerability has been resolved:
regulator: core: fix resource leak in regulator_register()
I got some resource leak reports while doing fault injection test:
OF: ERROR: memory leak, expected refcount 1 instead of 100, of_node_get()/of_node_put() unbalanced - destroy cset entry: attach overlay node /i2c/pmic@64/regulators/buck1
unreferenced object 0xffff88810deea000 (size 512): comm "490-i2c-rt5190a", pid 253, jiffies 4294859840 (age 5061.046s) hex dump (first 32 bytes): 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... ff ff ff ff ff ff ff ff a0 1e 00 a1 ff ff ff ff ................ backtrace: [<00000000d78541e2>] kmalloc_trace+0x21/0x110 [<00000000b343d153>] device_private_init+0x32/0xd0 [<00000000be1f0c70>] device_add+0xb2d/0x1030 [<00000000e3e6344d>] regulator_register+0xaf2/0x12a0 [<00000000e2f5e754>] devm_regulator_register+0x57/0xb0 [<000000008b898197>] rt5190a_probe+0x52a/0x861 [rt5190a_regulator]
unreferenced object 0xffff88810b617b80 (size 32): comm "490-i2c-rt5190a", pid 253, jiffies 4294859904 (age 5060.983s) hex dump (first 32 bytes): 72 65 67 75 6c 61 74 6f 72 2e 32 38 36 38 2d 53 regulator.2868-S 55 50 50 4c 59 00 ff ff 29 00 00 00 2b 00 00 00 UPPLY...)...+... backtrace: [<000000009da9280d>] __kmalloc_node_track_caller+0x44/0x1b0 [<0000000025c6a4e5>] kstrdup+0x3a/0x70 [<00000000790efb69>] create_regulator+0xc0/0x4e0 [<0000000005ed203a>] regulator_resolve_supply+0x2d4/0x440 [<0000000045796214>] regulator_register+0x10b3/0x12a0 [<00000000e2f5e754>] devm_regulator_register+0x57/0xb0 [<000000008b898197>] rt5190a_probe+0x52a/0x861 [rt5190a_regulator]
After calling regulator_resolve_supply(), the 'rdev->supply' is set by set_supply(), after this set, in the error path, the resources need be released, so call regulator_put() to avoid the leaks.
{
"affected": [],
"aliases": [
"CVE-2022-50724"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-24T13:15:59Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: core: fix resource leak in regulator_register()\n\nI got some resource leak reports while doing fault injection test:\n\n OF: ERROR: memory leak, expected refcount 1 instead of 100,\n of_node_get()/of_node_put() unbalanced - destroy cset entry:\n attach overlay node /i2c/pmic@64/regulators/buck1\n\nunreferenced object 0xffff88810deea000 (size 512):\n comm \"490-i2c-rt5190a\", pid 253, jiffies 4294859840 (age 5061.046s)\n hex dump (first 32 bytes):\n 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........\n ff ff ff ff ff ff ff ff a0 1e 00 a1 ff ff ff ff ................\n backtrace:\n [\u003c00000000d78541e2\u003e] kmalloc_trace+0x21/0x110\n [\u003c00000000b343d153\u003e] device_private_init+0x32/0xd0\n [\u003c00000000be1f0c70\u003e] device_add+0xb2d/0x1030\n [\u003c00000000e3e6344d\u003e] regulator_register+0xaf2/0x12a0\n [\u003c00000000e2f5e754\u003e] devm_regulator_register+0x57/0xb0\n [\u003c000000008b898197\u003e] rt5190a_probe+0x52a/0x861 [rt5190a_regulator]\n\nunreferenced object 0xffff88810b617b80 (size 32):\n comm \"490-i2c-rt5190a\", pid 253, jiffies 4294859904 (age 5060.983s)\n hex dump (first 32 bytes):\n 72 65 67 75 6c 61 74 6f 72 2e 32 38 36 38 2d 53 regulator.2868-S\n 55 50 50 4c 59 00 ff ff 29 00 00 00 2b 00 00 00 UPPLY...)...+...\n backtrace:\n [\u003c000000009da9280d\u003e] __kmalloc_node_track_caller+0x44/0x1b0\n [\u003c0000000025c6a4e5\u003e] kstrdup+0x3a/0x70\n [\u003c00000000790efb69\u003e] create_regulator+0xc0/0x4e0\n [\u003c0000000005ed203a\u003e] regulator_resolve_supply+0x2d4/0x440\n [\u003c0000000045796214\u003e] regulator_register+0x10b3/0x12a0\n [\u003c00000000e2f5e754\u003e] devm_regulator_register+0x57/0xb0\n [\u003c000000008b898197\u003e] rt5190a_probe+0x52a/0x861 [rt5190a_regulator]\n\nAfter calling regulator_resolve_supply(), the \u0027rdev-\u003esupply\u0027 is set\nby set_supply(), after this set, in the error path, the resources\nneed be released, so call regulator_put() to avoid the leaks.",
"id": "GHSA-wr64-83w3-wr39",
"modified": "2025-12-24T15:30:32Z",
"published": "2025-12-24T15:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50724"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/35593d60b1622834984c43add7646d4069671aa9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6a03c31d08f95dca9633a552de167b9e625833a8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/90b713aadc1240bf2dd03d610d6c1d016a9123a2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ba62319a42c50e6254e98b3f316464fac8e77968"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c4c64d8abd656b9807b63178750fa91454602b86"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f86b2f216636790d5922458578825e4628fb570f"
}
],
"schema_version": "1.4.0",
"severity": []
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.