5.5

CVE-2025-38610

powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw()

In the Linux kernel, the following vulnerability has been resolved:

powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw()

The get_pd_power_uw() function can crash with a NULL pointer dereference
when em_cpu_get() returns NULL. This occurs when a CPU becomes impossible
during runtime, causing get_cpu_device() to return NULL, which propagates
through em_cpu_get() and leads to a crash when em_span_cpus() dereferences
the NULL pointer.

Add a NULL check after em_cpu_get() and return 0 if unavailable,
matching the existing fallback behavior in __dtpm_cpu_setup().

[ rjw: Drop an excess empty code line ]
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.16 < 6.1.148
LinuxLinux Kernel Version >= 6.2 < 6.6.102
LinuxLinux Kernel Version >= 6.7 < 6.12.42
LinuxLinux Kernel Version >= 6.13 < 6.15.10
LinuxLinux Kernel Version >= 6.16 < 6.16.1
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.041
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/27914f2b795e2b58e9506f281dcdd98fef09d3c2
Patch
https://git.kernel.org/stable/c/27e0318f0ea69fcfa32228847debc384ade14578
Patch
https://git.kernel.org/stable/c/2fd001a0075ac01dc64a28a8e21226b3d989a91d
Patch
https://git.kernel.org/stable/c/46dc57406887dd02565cb264224194a6776d882b
Patch
https://git.kernel.org/stable/c/8374ac7d69a57d737e701a851ffe980a0d27d3ad
Patch
https://git.kernel.org/stable/c/c6ec27091cf5ac05094c1fe3a6ce914cf711a37c
Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Third Party Advisory