CVE-2025-40296

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel related to a double free of a GPIO device during unregistration. Specifically, the regulator unregister() function already frees the associated GPIO device, and a redundant release during unregistration causes this issue. This can lead to random failures, particularly when other drivers attempt to allocate interrupts, as observed on ThinkPad X9 (Lunar Lake) systems. The root cause is an unexpected drop in the reference count of the pinctrl intel platform module when the driver defers its probe. The issue can also be reproduced by directly unloading the module. The vulnerable function is regulator unregister().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.