CVE-2025-40194

Linux Kernel - Use-After-Free in intel_pstate update_qos_request

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() The cpufreq_cpu_put() call in update_qos_request() takes place too early because the latter subsequently calls freq_qos_update_request() that indirectly accesses the policy object in question through the QoS request object passed to it. Fortunately, update_qos_request() is called under intel_pstate_driver_lock, so this issue does not matter for changing the intel_pstate operation mode, but it theoretically can cause a crash to occur on CPU device hot removal (which currently can only happen in virt, but it is formally supported nevertheless). Address this issue by modifying update_qos_request() to drop the reference to the policy later.

Scores

EPSS 0.0019
EPSS Percentile 9.1%

Details

Status published
Products (25)
linux/Kernel 5.11.0 - 5.15.195linux
linux/Kernel 5.16.0 - 6.1.157linux
linux/Kernel 5.4.0 - 5.4.301linux
linux/Kernel 5.5.0 - 5.10.246linux
linux/Kernel 6.13.0 - 6.17.4linux
linux/Kernel 6.2.0 - 6.6.113linux
linux/Kernel 6.7.0 - 6.12.54linux
Linux/Linux < 5.4
Linux/Linux 5.10.246 - 5.10.*
Linux/Linux 5.15.195 - 5.15.*
... and 15 more
Published Nov 12, 2025
Tracked Since Feb 18, 2026