Linux Kernel Regulator Core Integer Underflow Vulnerability

An integer underflow vulnerability has been identified in the Linux kernel's regulator core. This issue arises when the delay ratio to poll_enabled_time is not an integer, causing the time_remaining variable to underflow and fail to exit its loop as intended. Since the delay can be sourced from the device tree and poll_enabled_time is driver-defined, this underflow can easily occur. The vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability can lead to an infinite loop condition, where the expected exit from the loop is not achieved due to the underflow, potentially causing a denial of service by hanging the process or consuming excessive resources.

Reproduction

The vulnerability can be reproduced by configuring a regulator with a delay value derived from the device tree that, when divided by the poll_enabled_time, results in a non-integer ratio. This setup will cause the time_remaining variable to underflow, allowing the loop to run indefinitely without exiting as expected.

Remediation

The vulnerability has been addressed by modifying the regulator core to use a signed integer for the time_remaining variable, ensuring that the loop correctly exits when the remaining time becomes negative. Users should upgrade to the latest stable version of the Linux kernel where this fix has been applied.