CVE-2025-22008: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-22008 is a vulnerability discovered in the Linux kernel related to the dummy regulator component. The vulnerability was disclosed on April 8, 2025, affecting the Linux kernel's regulator subsystem. The issue arises from asynchronous driver probing where there is a possibility that the dummy regulator hasn't been probed before it is accessed (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 5.5 with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The technical nature of the vulnerability relates to a timing issue in the driver probing mechanism, specifically affecting the dummy regulator component. The vulnerability is classified under CWE-29 (Red Hat).

The vulnerability primarily affects system availability, as indicated by the CVSS metrics showing high impact on availability (A:H) but no impact on confidentiality (C:N) or integrity (I:N). The local attack vector and low attack complexity suggest that while the vulnerability is significant, it requires local access to exploit (Red Hat).

The vulnerability has been fixed in various Linux distributions. For Debian's stable distribution (bookworm), the fix has been implemented in version 6.1.133-1. Red Hat Enterprise Linux 9 has marked this vulnerability as 'Fix deferred' for both kernel and kernel-rt packages (Debian Security, Red Hat).