5.5

CVE-2025-38113

ACPI: CPPC: Fix NULL pointer dereference when nosmp is used

In the Linux kernel, the following vulnerability has been resolved:

ACPI: CPPC: Fix NULL pointer dereference when nosmp is used

With nosmp in cmdline, other CPUs are not brought up, leaving
their cpc_desc_ptr NULL. CPU0's iteration via for_each_possible_cpu()
dereferences these NULL pointers, causing panic.

Panic backtrace:

[    0.401123] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000b8
...
[    0.403255] [<ffffffff809a5818>] cppc_allow_fast_switch+0x6a/0xd4
...
Kernel panic - not syncing: Attempted to kill init!

[ rjw: New subject ]
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.19 < 6.1.142
LinuxLinux Kernel Version >= 6.2 < 6.6.94
LinuxLinux Kernel Version >= 6.7 < 6.12.34
LinuxLinux Kernel Version >= 6.13 < 6.15.3
LinuxLinux Kernel Version6.16 Updaterc1
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.052
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/356d09c7f5bf525086002a34f8bae40b134d1611
Patch
https://git.kernel.org/stable/c/c6dad167aade4bf0bef9130f2f149f4249fc4ad0
Patch
https://git.kernel.org/stable/c/32a48db4cf28ea087214c261da8476db218d08bd
Patch
https://git.kernel.org/stable/c/1a677d0ceb4a5d62117b711a8b2e0aee80d33015
Patch
https://git.kernel.org/stable/c/15eece6c5b05e5f9db0711978c3e3b7f1a2cfe12
Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Third Party Advisory