2419931 – (CVE-2025-40296) CVE-2025-40296 kernel: platform/x86: int3472: Fix double free of GPIO device during unregister

Bug 2419931 (CVE-2025-40296) - CVE-2025-40296 kernel: platform/x86: int3472: Fix double free of GPIO device during unregister

Summary: CVE-2025-40296 kernel: platform/x86: int3472: Fix double free of GPIO device ...

Keywords:
Status:	NEW
Alias:	CVE-2025-40296
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-12-08 07:09 UTC by OSIDB Bzimport
Modified:	2026-01-06 10:15 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-12-08 07:09:40 UTC

In the Linux kernel, the following vulnerability has been resolved:

platform/x86: int3472: Fix double free of GPIO device during unregister

regulator_unregister() already frees the associated GPIO device. On
ThinkPad X9 (Lunar Lake), this causes a double free issue that leads to
random failures when other drivers (typically Intel THC) attempt to
allocate interrupts. The root cause is that the reference count of the
pinctrl_intel_platform module unexpectedly drops to zero when this
driver defers its probe.

This behavior can also be reproduced by unloading the module directly.

Fix the issue by removing the redundant release of the GPIO device
during regulator unregistration.

Comment 1 Jon Moroney 2025-12-08 18:48:24 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025120818-CVE-2025-40296-0769@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.