Description

In the Linux kernel, the following vulnerability has been resolved:

PCI: brcmstb: Fix error path after a call to regulator_bulk_get()

If the regulator_bulk_get() returns an error and no regulators
are created, we need to set their number to zero.

If we don't do this and the PCIe link up fails, a call to the
regulator_bulk_free() will result in a kernel panic.

While at it, print the error value, as we cannot return an error
upwards as the kernel will WARN() on an error from add_bus().

[kwilczynski: commit log, use comma in the message to match style with
other similar messages]

Classification

CVE ID: CVE-2025-22095

Affected Products

Vendor: Linux

Product: Linux, Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 5.04% (scored less or equal to compared to others)

EPSS Date: 2025-04-20 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-22095
https://git.kernel.org/stable/c/99a0efba9f903acbdece548862b6b4cbe7d999e1
https://git.kernel.org/stable/c/eedd054834930b8d678f0776cd4b091b8fffbb4a
https://git.kernel.org/stable/c/df63321a40cc98e52313cffbff376b8ae9ceffa7
https://git.kernel.org/stable/c/7842e842a9bf6bd5866c84f588353711d131ab1a
https://git.kernel.org/stable/c/6f44e1fdb006db61394aa4d4c25728ada00842e7
https://git.kernel.org/stable/c/3651ad5249c51cf7eee078e12612557040a6bdb4

Timeline