{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-22095", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-12-29T08:45:45.818Z", "datePublished": "2025-04-16T14:12:46.226Z", "dateUpdated": "2025-11-03T19:42:11.748Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-26T05:18:21.435Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: brcmstb: Fix error path after a call to regulator_bulk_get()\n\nIf the regulator_bulk_get() returns an error and no regulators\nare created, we need to set their number to zero.\n\nIf we don't do this and the PCIe link up fails, a call to the\nregulator_bulk_free() will result in a kernel panic.\n\nWhile at it, print the error value, as we cannot return an error\nupwards as the kernel will WARN() on an error from add_bus().\n\n[kwilczynski: commit log, use comma in the message to match style with\nother similar messages]"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/pci/controller/pcie-brcmstb.c"], "versions": [{"version": "9e6be018b26347c26a93e63fb50a37ee2c9311de", "lessThan": "99a0efba9f903acbdece548862b6b4cbe7d999e1", "status": "affected", "versionType": "git"}, {"version": "9e6be018b26347c26a93e63fb50a37ee2c9311de", "lessThan": "eedd054834930b8d678f0776cd4b091b8fffbb4a", "status": "affected", "versionType": "git"}, {"version": "9e6be018b26347c26a93e63fb50a37ee2c9311de", "lessThan": "df63321a40cc98e52313cffbff376b8ae9ceffa7", "status": "affected", "versionType": "git"}, {"version": "9e6be018b26347c26a93e63fb50a37ee2c9311de", "lessThan": "7842e842a9bf6bd5866c84f588353711d131ab1a", "status": "affected", "versionType": "git"}, {"version": "9e6be018b26347c26a93e63fb50a37ee2c9311de", "lessThan": "6f44e1fdb006db61394aa4d4c25728ada00842e7", "status": "affected", "versionType": "git"}, {"version": "9e6be018b26347c26a93e63fb50a37ee2c9311de", "lessThan": "3651ad5249c51cf7eee078e12612557040a6bdb4", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/pci/controller/pcie-brcmstb.c"], "versions": [{"version": "6.0", "status": "affected"}, {"version": "0", "lessThan": "6.0", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.134", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.87", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.23", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13.11", "lessThanOrEqual": "6.13.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.14.2", "lessThanOrEqual": "6.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.15", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.1.134"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.6.87"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.12.23"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.13.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.14.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.15"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/99a0efba9f903acbdece548862b6b4cbe7d999e1"}, {"url": "https://git.kernel.org/stable/c/eedd054834930b8d678f0776cd4b091b8fffbb4a"}, {"url": "https://git.kernel.org/stable/c/df63321a40cc98e52313cffbff376b8ae9ceffa7"}, {"url": "https://git.kernel.org/stable/c/7842e842a9bf6bd5866c84f588353711d131ab1a"}, {"url": "https://git.kernel.org/stable/c/6f44e1fdb006db61394aa4d4c25728ada00842e7"}, {"url": "https://git.kernel.org/stable/c/3651ad5249c51cf7eee078e12612557040a6bdb4"}], "title": "PCI: brcmstb: Fix error path after a call to regulator_bulk_get()", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:42:11.748Z"}}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8B65B69C-B52B-4CD1-AEB5-C1EBC486B174", "versionEndExcluding": "6.1.134", "versionStartIncluding": "6.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EFF24260-49B1-4251-9477-C564CFDAD25B", "versionEndExcluding": "6.6.87", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "26CAB76D-F00F-43CE-BEAD-7097F8FB1D6C", "versionEndExcluding": "6.12.23", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7E864B0-8C00-4679-BA55-659B4C9C3AD3", "versionEndExcluding": "6.13.11", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FADAE5D8-4808-442C-B218-77B2CE8780A0", "versionEndExcluding": "6.14.2", "versionStartIncluding": "6.14", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: brcmstb: Fix error path after a call to regulator_bulk_get()\n\nIf the regulator_bulk_get() returns an error and no regulators\nare created, we need to set their number to zero.\n\nIf we don't do this and the PCIe link up fails, a call to the\nregulator_bulk_free() will result in a kernel panic.\n\nWhile at it, print the error value, as we cannot return an error\nupwards as the kernel will WARN() on an error from add_bus().\n\n[kwilczynski: commit log, use comma in the message to match style with\nother similar messages]"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: PCI: brcmstb: Correcci\u00f3n de la ruta de error tras una llamada a regulator_bulk_get(). Si regulator_bulk_get() devuelve un error y no se crean reguladores, debemos establecer su n\u00famero en cero. Si no lo hacemos y falla la conexi\u00f3n PCIe, una llamada a regulator_bulk_free() provocar\u00e1 un p\u00e1nico del kernel. Mientras tanto, imprima el valor del error, ya que no podemos devolver un error hacia arriba, ya que el kernel emitir\u00e1 una advertencia WARN() en caso de un error de add_bus(). [kwilczynski: registro de confirmaciones, usar coma en el mensaje para que coincida con el estilo de otros mensajes similares]"}], "id": "CVE-2025-22095", "lastModified": "2025-11-03T20:17:44.150", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-04-16T15:16:03.830", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3651ad5249c51cf7eee078e12612557040a6bdb4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6f44e1fdb006db61394aa4d4c25728ada00842e7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7842e842a9bf6bd5866c84f588353711d131ab1a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/99a0efba9f903acbdece548862b6b4cbe7d999e1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/df63321a40cc98e52313cffbff376b8ae9ceffa7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/eedd054834930b8d678f0776cd4b091b8fffbb4a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: PCI: brcmstb: Fix error path after a call to regulator_bulk_get()", "id": "2360293", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360293"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nPCI: brcmstb: Fix error path after a call to regulator_bulk_get()\nIf the regulator_bulk_get() returns an error and no regulators\nare created, we need to set their number to zero.\nIf we don't do this and the PCIe link up fails, a call to the\nregulator_bulk_free() will result in a kernel panic.\nWhile at it, print the error value, as we cannot return an error\nupwards as the kernel will WARN() on an error from add_bus().\n[kwilczynski: commit log, use comma in the message to match style with\nother similar messages]"], "name": "CVE-2025-22095", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-04-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-22095\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-22095\nhttps://lore.kernel.org/linux-cve-announce/2025041619-CVE-2025-22095-7f29@gregkh/T"], "threat_severity": "Low"}