Linux Kernel PMBus Regulator Operations Mutex Protection Vulnerability

A vulnerability exists in the Linux kernel's PMBus regulator operations, specifically in the functions pmbus_regulator_get_voltage(), pmbus_regulator_set_voltage(), and pmbus_regulator_list_voltage(). These functions access PMBus registers and shared data without proper protection, potentially leading to race conditions. While adding mutex protection to these functions can prevent race conditions, it may also cause a deadlock. This is because pmbus_regulator_notify(), which is called during regulator notifications, can be invoked with the mutex already held, creating a conflict. To address this, the notification process has been reworked to use a worker function that operates outside of mutex protection, with events managed through a per-page bitmask. This vulnerability affects several versions of the Linux kernel.

Impact

The lack of mutex protection in PMBus regulator operations can lead to race conditions, where the timing of events can be manipulated, potentially causing unexpected behavior in the system.

Remediation

The vulnerability has been addressed in the Linux kernel by adding mutex protection to the PMBus regulator functions and reworking the notification process to prevent deadlocks. Users should upgrade to the latest version of the Linux kernel where this vulnerability has been fixed.