CVE-2026-45875 Linux CVE debrief

Who should care

System administrators running Linux kernels with MFD Arizona driver support, particularly on embedded systems or devices using the Cirrus Logic WM5102 audio codec. Cloud providers and IoT device manufacturers utilizing affected kernel versions should prioritize patching to prevent potential resource exhaustion from accumulated regulator leaks.

Technical summary

The MFD Arizona driver in the Linux kernel contains a resource leak vulnerability in the wm5102_clear_write_sequencer() function. When this helper function returns an error, the code previously returned directly without executing the cleanup sequence, leaving regulators enabled and causing a resource leak. The vulnerability affects systems using the WM5102 audio codec. The resolution changes the error handling path to jump to the err_reset label, ensuring proper regulator cleanup occurs regardless of whether the write sequencer clearing operation succeeds or fails. Patches have been applied to multiple stable kernel branches.

Defensive priority

medium

Recommended defensive actions

• Apply kernel patches from stable branches when available for your distribution
• Monitor distribution security advisories for kernel updates addressing CVE-2026-45875
• Review systems using WM5102 audio codec for potential resource exhaustion issues
• Consider rebooting affected systems after kernel update to ensure clean regulator state

Evidence notes

The vulnerability description indicates this is a resource leak in regulator management within the MFD Arizona driver. The issue occurs when wm5102_clear_write_sequencer() fails and returns directly without executing cleanup code. The fix involves changing error handling to use the err_reset label for proper resource deallocation. Multiple stable kernel branches received patches as indicated by the git.kernel.org references.

Official resources