CVE-2025-38535
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
16/08/2025
Last modified:
07/01/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode<br />
<br />
When transitioning from USB_ROLE_DEVICE to USB_ROLE_NONE, the code<br />
assumed that the regulator should be disabled. However, if the regulator<br />
is marked as always-on, regulator_is_enabled() continues to return true,<br />
leading to an incorrect attempt to disable a regulator which is not<br />
enabled.<br />
<br />
This can result in warnings such as:<br />
<br />
[ 250.155624] WARNING: CPU: 1 PID: 7326 at drivers/regulator/core.c:3004<br />
_regulator_disable+0xe4/0x1a0<br />
[ 250.155652] unbalanced disables for VIN_SYS_5V0<br />
<br />
To fix this, we move the regulator control logic into<br />
tegra186_xusb_padctl_id_override() function since it&#39;s directly related<br />
to the ID override state. The regulator is now only disabled when the role<br />
transitions from USB_ROLE_HOST to USB_ROLE_NONE, by checking the VBUS_ID<br />
register. This ensures that regulator enable/disable operations are<br />
properly balanced and only occur when actually transitioning to/from host<br />
mode.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.7 (including) | 5.10.241 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.190 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.147 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.100 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.40 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.15.8 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.16:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.16:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.16:rc4:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.16:rc5:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.16:rc6:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/1bb85b5c2bd43b687c3d54eb6328917f90dd38fc
- https://git.kernel.org/stable/c/5367cdeb75cb6c687ca468450bceb2602ab239d8
- https://git.kernel.org/stable/c/cdcb0ffd6448f6be898956913a42bd08e59fb2ae
- https://git.kernel.org/stable/c/ceb645ac6ce052609ee5c8f819a80e8881789b04
- https://git.kernel.org/stable/c/cefc1caee9dd06c69e2d807edc5949b329f52b22
- https://git.kernel.org/stable/c/eaa420339658615d26c1cc95cd6cf720b9aebfca
- https://git.kernel.org/stable/c/ec7f98ff05f0649af0adeb4808c7ba23d6111ef9
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html