CVE-2025-37829

MEDIUM

Linux kernel - Null Pointer Dereference

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() cpufreq_cpu_get_raw() can return NULL when the target CPU is not present in the policy->cpus mask. scpi_cpufreq_get_rate() does not check for this case, which results in a NULL pointer dereference.

References (10)

Core 10

Core References

Mailing List, Third Party Advisory

https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html

Mailing List, Third Party Advisory

https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html

Patch

https://git.kernel.org/stable/c/ad4796f2da495b2cbbd0fccccbcbf63f2aeee613

Patch

https://git.kernel.org/stable/c/fdf035d9c5436536ffcfea0ac6adeb5dda3c3a23

Patch

https://git.kernel.org/stable/c/8fbaa76690f67a7cbad315f89d607b46e3e06ede

Patch

https://git.kernel.org/stable/c/da8ee91e532486055ecf88478d38c2f3dc234182

Patch

https://git.kernel.org/stable/c/19e0eaa62e8831f2bc0285fef3bf8faaa7f3e09b

Patch

https://git.kernel.org/stable/c/28fbd7b13b4d3074b16db913aedc9d8d37ab41e7

Patch

https://git.kernel.org/stable/c/124bddf123311cd1f18bffd63a5d974468d59c67

Patch

https://git.kernel.org/stable/c/73b24dc731731edf762f9454552cb3a5b7224949

Scores

CVSS v3 5.5

EPSS 0.0007

EPSS Percentile 20.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (28)

debian/debian_linux 11.0

linux/Kernel 4.16.0 - 5.4.293linux

linux/Kernel 5.11.0 - 5.15.181linux

linux/Kernel 5.16.0 - 6.1.136linux

linux/Kernel 5.5.0 - 5.10.237linux

linux/Kernel 6.13.0 - 6.14.5linux

linux/Kernel 6.2.0 - 6.6.89linux

linux/Kernel 6.7.0 - 6.12.26linux

Linux/Linux < 4.16

Linux/Linux 343a8d17fa8d6dd97f408e8fedbcef12073f3774 - 124bddf123311cd1f18bffd63a5d974468d59c67

... and 18 more

Published May 08, 2025

Tracked Since Feb 18, 2026