
CVE-2025-40346

In the Linux kernel, the following vulnerability has been resolved:

arch_topology: Fix incorrect error check in topology_parse_cpu_capacity()

Fix incorrect use of PTR_ERR_OR_ZERO() in topology_parse_cpu_capacity()
which causes the code to proceed with NULL clock pointers. The current
logic uses !PTR_ERR_OR_ZERO(cpu_clk) which evaluates to true for both
valid pointers and NULL, leading to potential NULL pointer dereference
in clk_get_rate().

Per include/linux/err.h documentation, PTR_ERR_OR_ZERO(ptr) returns:
"The error code within @ptr if it is an error pointer; 0 otherwise."

This means PTR_ERR_OR_ZERO() returns 0 for both valid pointers AND NULL
pointers. Therefore !PTR_ERR_OR_ZERO(cpu_clk) evaluates to true (proceed)
when cpu_clk is either valid or NULL, causing clk_get_rate(NULL) to be
called when of_clk_get() returns NULL.

Replace with !IS_ERR_OR_NULL(cpu_clk) which only proceeds for valid
pointers, preventing potential NULL pointer dereference in clk_get_rate().
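
The truth table behind the description above, as an added example that is not part of the CVE record or the kernel source. It is a user-space model using simplified copies of the include/linux/err.h helpers; old_guard_proceeds(), fixed_guard_proceeds(), ENOENT_MODEL and the stand-in clock object are hypothetical names used only for this illustration.

```c
/* User-space model (simplified copies of the err.h helpers, not kernel code)
 * comparing the guard condition before and after the fix. */
#include <stdbool.h>
#include <stdio.h>

#define MAX_ERRNO 4095
#define ENOENT_MODEL 2   /* constructed sample errno value */

static void *ERR_PTR(long error) { return (void *)error; }

/* Error pointers occupy the top MAX_ERRNO values of the address space. */
static bool IS_ERR(const void *p)
{
    return (unsigned long)p >= (unsigned long)-MAX_ERRNO;
}

static bool IS_ERR_OR_NULL(const void *p) { return !p || IS_ERR(p); }

/* Returns the error code for an error pointer, 0 for anything else,
 * so NULL and a valid pointer are indistinguishable to the caller. */
static int PTR_ERR_OR_ZERO(const void *p) { return IS_ERR(p) ? (int)(long)p : 0; }

/* Condition before the fix: true means "go on and call clk_get_rate()". */
static bool old_guard_proceeds(const void *cpu_clk)
{
    return !PTR_ERR_OR_ZERO(cpu_clk);
}

/* Condition after the fix: only a real, non-NULL pointer proceeds. */
static bool fixed_guard_proceeds(const void *cpu_clk)
{
    return !IS_ERR_OR_NULL(cpu_clk);
}

int main(void)
{
    static int fake_clk;                 /* stands in for a struct clk */
    const struct { const char *name; const void *p; } cases[] = {
        { "valid pointer", &fake_clk },
        { "NULL",          NULL },
        { "ERR_PTR(-2)",   ERR_PTR(-ENOENT_MODEL) },
    };
    printf("%-14s %-10s %s\n", "cpu_clk", "old guard", "fixed guard");
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("%-14s %-10s %s\n", cases[i].name,
               old_guard_proceeds(cases[i].p) ? "proceed" : "skip",
               fixed_guard_proceeds(cases[i].p) ? "proceed" : "skip");
    return 0;
}
```

The NULL row is the only one where the two guards disagree, which is the case the fix closes.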

Data provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).

Vendor: Linux
Product: Linux
Default status: unaffected
Version < 64da320252e43456cc9ec3055ff567f168467b37, Version b8fe128dad8f97cc9af7c55a264d1fc5ab677195, Status affected
Version < 02fbea0864fd4a863671f5d418129258d7159f68, Version b8fe128dad8f97cc9af7c55a264d1fc5ab677195, Status affected
Version < a77f8434954cb1e9c42c3854e40855fdcf5ab235, Version b8fe128dad8f97cc9af7c55a264d1fc5ab677195, Status affected
Version < 3373f263bb647fcc3b5237cfaef757633b9ee25e, Version b8fe128dad8f97cc9af7c55a264d1fc5ab677195, Status affected
Version < 45379303124487db3a81219af7565d41f498167f, Version b8fe128dad8f97cc9af7c55a264d1fc5ab677195, Status affected
Version < 3a01b2614e84361aa222f67bc628593987e5cdb2, Version b8fe128dad8f97cc9af7c55a264d1fc5ab677195, Status affected
Version < 2eead19334516c8e9927c11b448fbe512b1f18a1, Version b8fe128dad8f97cc9af7c55a264d1fc5ab677195, Status affected

Vendor: Linux
Product: Linux
Default status: affected
Version 5.7, Status affected
Version < 5.7, Version 0, Status unaffected
Version <= 5.10.*, Version 5.10.246, Status unaffected
Version <= 5.15.*, Version 5.15.196, Status unaffected
Version <= 6.1.*, Version 6.1.158, Status unaffected
Version <= 6.6.*, Version 6.6.115, Status unaffected
Version <= 6.12.*, Version 6.12.56, Status unaffected
Version <= 6.17.*, Version 6.17.6, Status unaffected
Version <= *, Version 6.18, Status unaffected

No CISA KEV entry or CERT.AT warning was found for this CVE.

EPSS metrics
Type Source Score Percentile
EPSS FIRST.org 0.04% 0.098

CVSS metrics
Source Base Score Exploit Score Impact Score Vector String

No CWE information has been published yet.