5.5

CVE-2025-38609

PM / devfreq: Check governor before using governor->name

In the Linux kernel, the following vulnerability has been resolved:

PM / devfreq: Check governor before using governor->name

Commit 96ffcdf239de ("PM / devfreq: Remove redundant governor_name from
struct devfreq") removes governor_name and uses governor->name to replace
it. But devfreq->governor may be NULL and directly using
devfreq->governor->name may cause null pointer exception. Move the check of
governor to before using governor->name.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.11 < 5.15.190
LinuxLinux Kernel Version >= 5.16 < 6.1.148
LinuxLinux Kernel Version >= 6.2 < 6.6.102
LinuxLinux Kernel Version >= 6.7 < 6.12.42
LinuxLinux Kernel Version >= 6.13 < 6.15.10
LinuxLinux Kernel Version >= 6.16 < 6.16.1
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.041
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/2731c68f536fddcb71332db7f8d78c5eb4684c04
Patch
https://git.kernel.org/stable/c/631e101728df2a86b8fb761b49fad9712c651f8a
Patch
https://git.kernel.org/stable/c/75323a49aa603cf5484a6d74d0d329e86d756e11
Patch
https://git.kernel.org/stable/c/81f50619370045120c133bfdda5b320c8c97d41e
Patch
https://git.kernel.org/stable/c/bab7834c03820eb11269bc48f07c3800192460d2
Patch
https://git.kernel.org/stable/c/d5632359dbc44862fc1ed04093c1f57529830261
Patch
https://git.kernel.org/stable/c/f0479e878d4beb45e73c03e574c59f0a23ccd176
Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Third Party Advisory