CVE-2025-38535

In the Linux kernel, the following vulnerability has been resolved:

phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode

When transitioning from USB_ROLE_DEVICE to USB_ROLE_NONE, the code
assumed that the regulator should be disabled. However, if the regulator
is marked as always-on, regulator_is_enabled() continues to return true,
leading to an incorrect attempt to disable a regulator which is not
enabled.

This can result in warnings such as:

[  250.155624] WARNING: CPU: 1 PID: 7326 at drivers/regulator/core.c:3004
_regulator_disable+0xe4/0x1a0
[  250.155652] unbalanced disables for VIN_SYS_5V0

To fix this, we move the regulator control logic into
tegra186_xusb_padctl_id_override() function since it's directly related
to the ID override state. The regulator is now only disabled when the role
transitions from USB_ROLE_HOST to USB_ROLE_NONE, by checking the VBUS_ID
register. This ensures that regulator enable/disable operations are
properly balanced and only occur when actually transitioning to/from host
mode.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
LinuxCNA
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 9%
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
vulnerable
bullseye (security)
vulnerable
bookworm
6.1.148-1
fixed
bookworm (security)
6.1.153-1
fixed
trixie
6.12.43-1
fixed
trixie (security)
6.12.48-1
fixed
forky
6.16.8-1
fixed
sid
6.16.9-1
fixed
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/1bb85b5c2bd43b687c3d54eb6328917f90dd38fc
https://git.kernel.org/stable/c/5367cdeb75cb6c687ca468450bceb2602ab239d8
https://git.kernel.org/stable/c/cdcb0ffd6448f6be898956913a42bd08e59fb2ae
https://git.kernel.org/stable/c/ceb645ac6ce052609ee5c8f819a80e8881789b04
https://git.kernel.org/stable/c/cefc1caee9dd06c69e2d807edc5949b329f52b22
https://git.kernel.org/stable/c/eaa420339658615d26c1cc95cd6cf720b9aebfca
https://git.kernel.org/stable/c/ec7f98ff05f0649af0adeb4808c7ba23d6111ef9