CVE-2025-38259

ASoC: codecs: wcd9335: Fix missing free of regulator supplies

Severity Score

7.1

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd9335: Fix missing free of regulator supplies Driver gets and enables all regulator supplies in probe path
(wcd9335_parse_dt() and wcd9335_power_on_reset()), but does not cleanup
in final error paths and in unbind (missing remove() callback). This
leads to leaked memory and unbalanced regulator enable count during
probe errors or unbind. Fix this by converting entire code into devm_regulator_bulk_get_enable()
which also greatly simplifies the code.

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd9335: Fix missing free of regulator supplies Driver gets and enables all regulator supplies in probe path (wcd9335_parse_dt() and wcd9335_power_on_reset()), but does not cleanup in final error paths and in unbind (missing remove() callback). This leads to leaked memory and unbalanced regulator enable count during probe errors or unbind. Fix this by converting entire code into devm_regulator_bulk_get_enable() which also greatly simplifies the code.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-04-16 CVE Reserved
2025-07-09 CVE Published
2025-07-09 CVE Updated
2025-07-09 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (6)

URL	Tag	Source
https://git.kernel.org/stable/c/20aedafdf4926e7a957f8b302a18c8fb75c7e332	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/edadaf4239c14dc8a19ea7f60b97d5524d93c29b	2025-07-06
https://git.kernel.org/stable/c/9830ef1803a5bc50b4a984a06cf23142cd46229d	2025-07-06
https://git.kernel.org/stable/c/a8795f3cd289cd958f6396a1b43ba46fa8e22a2e	2025-07-06
https://git.kernel.org/stable/c/b86280aaa23c1c0f31bcaa600d35ddc45bc38b7a	2025-07-06
https://git.kernel.org/stable/c/9079db287fc3e38e040b0edeb0a25770bb679c8e	2025-05-27

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.1 < 6.1.143 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.1 < 6.1.143"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.1 < 6.6.96 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.1 < 6.6.96"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.1 < 6.12.36 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.1 < 6.12.36"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.1 < 6.15.5 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.1 < 6.15.5"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.1 < 6.16-rc1 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.1 < 6.16-rc1"		en		Affected