{"id":"CVE-2025-38027","summary":"regulator: max20086: fix invalid memory access","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: max20086: fix invalid memory access\n\nmax20086_parse_regulators_dt() calls of_regulator_match() using an\narray of struct of_regulator_match allocated on the stack for the\nmatches argument.\n\nof_regulator_match() calls devm_of_regulator_put_matches(), which calls\ndevres_alloc() to allocate a struct devm_of_regulator_matches which will\nbe de-allocated using devm_of_regulator_put_matches().\n\nstruct devm_of_regulator_matches is populated with the stack allocated\nmatches array.\n\nIf the device fails to probe, devm_of_regulator_put_matches() will be\ncalled and will try to call of_node_put() on that stack pointer,\ngenerating the following dmesg entries:\n\nmax20086 6-0028: Failed to read DEVICE_ID reg: -121\nkobject: '\\xc0$\\xa5\\x03' (000000002cebcb7a): is not initialized, yet\nkobject_put() is being called.\n\nFollowed by a stack trace matching the call flow described above.\n\nSwitch to allocating the matches array using devm_kcalloc() to\navoid accessing the stack pointer long after it's out of scope.\n\nThis also has the advantage of allowing multiple max20086 to probe\nwithout overriding the data stored inside the global of_regulator_match.","modified":"2026-04-02T12:47:45.051793Z","published":"2025-06-18T09:28:32.546Z","related":["SUSE-SU-2025:02249-1","SUSE-SU-2025:02254-1","SUSE-SU-2025:02307-1","SUSE-SU-2025:02333-1","SUSE-SU-2025:02335-1","SUSE-SU-2025:02538-1","SUSE-SU-2025:02923-1","SUSE-SU-2025:20475-1","SUSE-SU-2025:20483-1","SUSE-SU-2025:20493-1","SUSE-SU-2025:20498-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38027.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/5578ab04bd7732f470fc614bbc0a924900399fb8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6b0cd72757c69bc2d45da42b41023e288d02e772"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6ba30f7aa2c550b2ac04f16b81a19a8c045b8660"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7bddac8603d4e396872c2fbf4403ec08e7b1d7c8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d2a9a92bb4cc7568cff68241b0051dc7268bdc68"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38027.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38027"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"bfff546aae50ae68ed395bf0e0848188d27b0ba3"},{"fixed":"6ba30f7aa2c550b2ac04f16b81a19a8c045b8660"},{"fixed":"7bddac8603d4e396872c2fbf4403ec08e7b1d7c8"},{"fixed":"d2a9a92bb4cc7568cff68241b0051dc7268bdc68"},{"fixed":"5578ab04bd7732f470fc614bbc0a924900399fb8"},{"fixed":"6b0cd72757c69bc2d45da42b41023e288d02e772"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38027.json"}}],"schema_version":"1.7.5"}