CVE-2026-46252 Overview
CVE-2026-46252 is a locking defect in the Linux kernel's regulator subsystem. The flaw resides in the regulator_resolve_supply() error path within drivers/regulator/core.c. When late enabling of a supply regulator fails, the code calls _regulator_put() without holding the required regulator_list_mutex. This triggers a lockdep warning and exposes the regulator device (rdev) to concurrent access while its supply pointer is cleared. The defect is a kernel-internal correctness issue affecting power management code paths.
Critical Impact
The locking violation can produce kernel warnings and race conditions during regulator supply resolution, potentially destabilizing power management state on affected systems.
Affected Products
- Linux kernel (mainline) — drivers/regulator/core.c regulator core subsystem
- Stable kernel branches receiving the upstream backport identified by commits 497330b203d2 and c66e0db0f372
- Linux distributions that ship vulnerable stable kernels prior to applying the fix
Discovery Timeline
- 2026-06-03 - CVE-2026-46252 published to NVD
- 2026-06-03 - Last updated in NVD database
Technical Details for CVE-2026-46252
Vulnerability Analysis
The defect is a kernel locking error [CWE-667-class] in the Linux regulator framework. When regulator_resolve_supply() attempts late enabling of a supply regulator and that operation fails, the error path invokes _regulator_put() directly. The internal _regulator_put() helper assumes that callers already hold regulator_list_mutex. The error path violates this contract.
Lockdep detects the missing lock and emits a warning at drivers/regulator/core.c:2649, with the call trace passing through _regulator_put, regulator_resolve_supply, and regulator_register_resolve_supply. Beyond the warning, the code clears the supply pointer on the regulator device without serialization. Concurrent access to the same rdev during this window can read or modify inconsistent state.
The fix switches the error path to the public regulator_put() wrapper, which acquires the mutex. The fix also adds explicit locking around the supply pointer clearing so that no concurrent code path observes a partially updated rdev.
Root Cause
The root cause is an API contract violation. The internal helper _regulator_put() requires regulator_list_mutex to be held by its caller, but the failure handler in regulator_resolve_supply() calls it directly without acquiring the lock. A secondary root cause is the absence of any synchronization protecting the clearing of the supply pointer on rdev.
Attack Vector
This is a kernel correctness defect rather than a remotely reachable vulnerability. Triggering the warning requires a failure during late enable of a supply regulator, which occurs in early device probe paths. There is no published proof-of-concept and no evidence of in-the-wild exploitation. The defect is not listed in the CISA Known Exploited Vulnerabilities catalog.
The vulnerability manifests in kernel power management code. See the Kernel Git Commit Reference for the full patch details.
Detection Methods for CVE-2026-46252
Indicators of Compromise
- Kernel log entries containing WARNING: drivers/regulator/core.c:2649 at _regulator_put
- Call traces referencing regulator_resolve_supply and regulator_register_resolve_supply during boot or device probe
- Unexpected lockdep splats associated with regulator_list_mutex on systems running affected stable kernels
Detection Strategies
- Inventory running kernel versions across the fleet and compare against the stable trees that include commits 497330b203d2 and c66e0db0f372
- Enable CONFIG_PROVE_LOCKING and CONFIG_LOCKDEP on test systems to surface the warning during regulator probe failures
- Parse dmesg and journalctl -k output for the specific warning string and stack frames listed above
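The log check described in the list above can be scripted. This is an added example, not code from the advisory or the kernel project; the function names and the sample log lines (timestamps, offsets, the unrelated frame) are constructed for illustration. It matches on the source file and function names rather than the line number, since 2649 shifts between kernel builds.

```shell
#!/bin/sh
# Added example: scan kernel log text on stdin for the warning this advisory
# describes, and confirm it by looking for the expected call-trace frame.

# scan_regulator_warn: prints one "MATCH:" line per confirmed splat and
# returns 0 if at least one was found, 1 otherwise.
# A splat is confirmed only when the WARNING line names
# drivers/regulator/core.c and _regulator_put AND a regulator_resolve_supply
# frame appears within the next 40 lines.
scan_regulator_warn() {
    awk '
        /WARNING:.*drivers\/regulator\/core\.c:[0-9]+.*_regulator_put/ {
            armed = 40; head = $0; next
        }
        armed > 0 {
            armed--
            if ($0 ~ /regulator_resolve_supply/) {
                print "MATCH: " head
                found++; armed = 0
            }
        }
        END { exit (found > 0 ? 0 : 1) }
    '
}

# Constructed sample: the splat shape described on this page.
sample_affected() {
    cat <<'EOF'
[    2.104511] ------------[ cut here ]------------
[    2.104530] WARNING: drivers/regulator/core.c:2649 at _regulator_put+0x5c/0x1a0, CPU#1: swapper/0/1
[    2.104602] Call trace:
[    2.104610]  _regulator_put+0x5c/0x1a0
[    2.104618]  regulator_resolve_supply+0x2f4/0x3c0
[    2.104626]  regulator_register_resolve_supply+0x1c/0x90
[    2.104640] ---[ end trace 0000000000000000 ]---
EOF
}

# Constructed sample: a warning in the same file with a different call path.
sample_unrelated() {
    cat <<'EOF'
[    3.500000] WARNING: drivers/regulator/core.c:1200 at _regulator_put+0x10/0x20
[    3.500010]  some_driver_remove+0x30/0x50
[    3.600000] usb 1-1: new high-speed USB device number 2 using xhci_hcd
EOF
}

# Live use: journalctl -k -b --no-pager | scan_regulator_warn
sample_affected | scan_regulator_warn
```

The non-zero exit status on a clean log lets the function drive an alerting job or a fleet-wide compliance check directly.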
Monitoring Recommendations
- Forward kernel ring buffer events to a centralized log platform and alert on WARNING: entries from drivers/regulator/core.c
- Track package and kernel update status across Linux endpoints so that unpatched stable kernels are visible to operators
- Correlate regulator subsystem warnings with device probe failures to identify hardware platforms exercising the affected path
How to Mitigate CVE-2026-46252
Immediate Actions Required
- Apply the stable kernel update containing commits 497330b203d2c59c5ff3fa4c34d14494d7203bc3 and c66e0db0f37290b53c57994f998bb55590364fd0
- Rebuild and redeploy any custom kernels that carry the regulator core code from before the fix
- Subscribe to your Linux distribution's security advisory feed for kernel package updates referencing CVE-2026-46252
Patch Information
The upstream fix replaces the direct call to _regulator_put() in the error path of regulator_resolve_supply() with regulator_put(), which correctly acquires regulator_list_mutex. The patch also introduces locking around clearing the supply pointer on rdev to prevent concurrent access. Refer to the upstream commit c66e0db0f372 and the companion commit 497330b203d2 for the full diff.
Workarounds
- No runtime workaround is available; the defect resides in kernel locking semantics and requires a code change
- On systems where the warning is observed but the kernel cannot be updated immediately, document the affected hardware platforms and avoid configurations that exercise late supply enable failures
- Test the fix in a staging environment before broad rollout, since the surrounding code is scheduled for removal in a follow-up commit
# Print the running kernel version and compare it with the fixed version in your distribution's advisory
uname -r
# On Debian/Ubuntu, update the kernel package
sudo apt update && sudo apt install --only-upgrade linux-image-generic
# On RHEL/Fedora, update the kernel package
sudo dnf update kernel
# Reboot into the patched kernel
sudo systemctl reboot
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.


