In the Linux kernel, the following vulnerability has been resolved:
regulator: core: fix use_count leakage when handling boot-on
I found a use_count leakage towards supply regulator of rdev with boot-on option.
┌───────────────────┐ ┌───────────────────┐ │ regulator_dev A │ │ regulator_dev B │ │ (boot-on) │ │ (boot-on) │ │ use_count=0 │◀──supply──│ use_count=1 │ │ │ │ │ └───────────────────┘ └───────────────────┘
In case of rdev(A) configured with `regulator-boot-on, the use_count of supplying regulator(B) will increment inside regulator_enable(rdev->supply).
Thus, B will acts like always-on, and further balanced regulator_enable/disable cannot actually disable it anymore.
However, B was also configured with `regulator-boot-on, we wish it could be disabled afterwards.