5.5

CVE-2025-37830

cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate()

In the Linux kernel, the following vulnerability has been resolved:

cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate()

cpufreq_cpu_get_raw() can return NULL when the target CPU is not present
in the policy->cpus mask. scmi_cpufreq_get_rate() does not check for
this case, which results in a NULL pointer dereference.

Add NULL check after cpufreq_cpu_get_raw() to prevent this issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.17 < 5.15.181
LinuxLinux Kernel Version >= 5.16 < 6.1.136
LinuxLinux Kernel Version >= 6.2 < 6.6.89
LinuxLinux Kernel Version >= 6.7 < 6.12.26
LinuxLinux Kernel Version >= 6.13 < 6.14.5
LinuxLinux Kernel Version6.15 Updaterc1
LinuxLinux Kernel Version6.15 Updaterc2
LinuxLinux Kernel Version6.15 Updaterc3
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.052
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/4e3d1c1925d8e752992cd893d03d974e6807ac16
Patch
https://git.kernel.org/stable/c/f9c5423855e3687262d881aeee5cfb3bc8577bff
Patch
https://git.kernel.org/stable/c/ea834c90aa7cc80a1b456f7a91432734d5087d16
Patch
https://git.kernel.org/stable/c/7ccfadfb2562337b4f0462a86a9746a6eea89718
Patch
https://git.kernel.org/stable/c/cfaca93b8fe317b7faa9af732e0ba8c9081fa018
Patch
https://git.kernel.org/stable/c/484d3f15cc6cbaa52541d6259778e715b2c83c54
Patch
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
Third Party Advisory
Mailing List
https://git.kernel.org/stable/c/bd1dcfba72aac4159c1d5e17cd861e702e6c19ac