CVE-2025-38535
📋 TL;DR
This vulnerability in the Linux kernel's Tegra XUSB PHY driver causes unbalanced regulator disable operations when transitioning USB roles. It can trigger kernel warnings and potentially cause system instability or crashes. Affects systems using NVIDIA Tegra processors with the affected kernel driver.
💻 Affected Systems
- Linux kernel with Tegra XUSB PHY driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
System crash or kernel panic due to regulator subsystem corruption, leading to denial of service and potential data loss.
Likely Case
Kernel warning messages in system logs and potential USB functionality issues, but unlikely to cause full system crashes in most configurations.
If Mitigated
Minor performance impact or warning messages if regulator is marked as always-on, but no security compromise.
🎯 Exploit Status
Exploitation requires physical USB device interaction or privileged access to trigger USB role transitions. No known remote exploitation vectors.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits 1bb85b5c2bd43b687c3d54eb6328917f90dd38fc and related fixes
Vendor Advisory: https://git.kernel.org/stable/c/1bb85b5c2bd43b687c3d54eb6328917f90dd38fc
Restart Required: Yes
Instructions:
1. Update to a kernel version containing the fix commits.
2. For embedded systems: Update the kernel through your board support package or vendor updates.
3. Reboot the system after kernel update.
🔧 Temporary Workarounds
Disable USB role switching
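Prevent USB role transitions that trigger the vulnerability
# soft_connect accepts "connect" or "disconnect"; loop so the redirect works with more than one UDC
for f in /sys/class/udc/*/soft_connect; do echo disconnect > "$f"; done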
modprobe -r tegra-xusb-padctl || true
Mark regulator as always-on
Configure the regulator to stay enabled, avoiding disable attempts
Add 'regulator-always-on' property to the regulator node in device tree
🧯 If You Can't Patch
- Avoid connecting/disconnecting USB devices that trigger role switching
- Monitor system logs for WARNING messages about unbalanced regulator disables
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if Tegra XUSB driver is loaded: 'uname -r' and 'lsmod | grep tegra_xusb'
Check Version:
uname -r
Verify Fix Applied:
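Check that the kernel source tree includes the fix commits (run inside the git tree the kernel was built from; '--format=%H' prints full hashes so the patterns can match): 'git log --format=%H | grep -E "1bb85b5c2bd43b687c3d54eb6328917f90dd38fc|5367cdeb75cb6c687ca468450bceb2602ab239d8"'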
📡 Detection & Monitoring
Log Indicators:
- WARNING messages about 'unbalanced disables for VIN_SYS_5V0' or '_regulator_disable' in kernel logs
- dmesg | grep -i "unbalanced disables\|regulator_disable"
Network Indicators:
- None - this is a local driver issue
SIEM Query:
source="kernel" AND ("unbalanced disables" OR "_regulator_disable")
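The log indicator above can be turned into a per-regulator summary for a health check. This is an added example, not part of the original advisory or the kernel project; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise "unbalanced disables" warnings per regulator.
# Feed kernel log text on stdin, e.g.:  dmesg | check_log

# Print "<regulator> <count>" for each regulator named in an
# "unbalanced disables for <name>" message, sorted by regulator name.
count_unbalanced() {
    tr -d '\r' |
        sed -n 's/.*unbalanced disables for \([^ ]*\).*/\1/p' |
        sort | uniq -c | awk '{ print $2, $1 }'
}

# Return 0 when the log is clean; print the summary and return 1 when
# any unbalanced-disable warning is present.
check_log() {
    hits=$(count_unbalanced)
    if [ -z "$hits" ]; then
        return 0
    fi
    printf '%s\n' "$hits"
    return 1
}

# Constructed sample log (not captured from a real system); VDD_EXAMPLE
# is a made-up regulator name used to show the per-regulator grouping.
sample_log() {
    cat <<'EOF'
[   41.100001] usb usb1: new device connected
[   52.300010] WARNING: CPU: 2 PID: 77 at drivers/regulator/core.c _regulator_disable
[   52.300020] unbalanced disables for VIN_SYS_5V0
[   97.800010] WARNING: CPU: 0 PID: 77 at drivers/regulator/core.c _regulator_disable
[   97.800020] unbalanced disables for VIN_SYS_5V0
[  120.000000] unbalanced disables for VDD_EXAMPLE
EOF
}
```

A rising count for the same regulator across boots points at repeated role transitions hitting the unpatched path, which is the case to prioritise for patching.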
🔗 References
- https://git.kernel.org/stable/c/1bb85b5c2bd43b687c3d54eb6328917f90dd38fc
- https://git.kernel.org/stable/c/5367cdeb75cb6c687ca468450bceb2602ab239d8
- https://git.kernel.org/stable/c/cdcb0ffd6448f6be898956913a42bd08e59fb2ae
- https://git.kernel.org/stable/c/ceb645ac6ce052609ee5c8f819a80e8881789b04
- https://git.kernel.org/stable/c/cefc1caee9dd06c69e2d807edc5949b329f52b22
- https://git.kernel.org/stable/c/eaa420339658615d26c1cc95cd6cf720b9aebfca
- https://git.kernel.org/stable/c/ec7f98ff05f0649af0adeb4808c7ba23d6111ef9
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html