CVE-2025-40346
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
arch_topology: Fix incorrect error check in topology_parse_cpu_capacity()
Fix incorrect use of PTR_ERR_OR_ZERO() in topology_parse_cpu_capacity() which causes the code to proceed with NULL clock pointers. The current logic uses !PTR_ERR_OR_ZERO(cpu_clk) which evaluates to true for both valid pointers and NULL, leading to potential NULL pointer dereference in clk_get_rate().
Per include/linux/err.h documentation, PTR_ERR_OR_ZERO(ptr) returns: "The error code within @ptr if it is an error pointer; 0 otherwise."
This means PTR_ERR_OR_ZERO() returns 0 for both valid pointers AND NULL pointers. Therefore !PTR_ERR_OR_ZERO(cpu_clk) evaluates to true (proceed) when cpu_clk is either valid or NULL, causing clk_get_rate(NULL) to be called when of_clk_get() returns NULL.
Replace with !IS_ERR_OR_NULL(cpu_clk) which only proceeds for valid pointers, preventing potential NULL pointer dereference in clk_get_rate().
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | b8fe128dad8f97cc9af7c55a264d1fc5ab677195 < 64da320252e43456cc9ec3055ff567f168467b37 | affected |
| Linux | Linux | b8fe128dad8f97cc9af7c55a264d1fc5ab677195 < 02fbea0864fd4a863671f5d418129258d7159f68 | affected |
| Linux | Linux | b8fe128dad8f97cc9af7c55a264d1fc5ab677195 < a77f8434954cb1e9c42c3854e40855fdcf5ab235 | affected |
| Linux | Linux | b8fe128dad8f97cc9af7c55a264d1fc5ab677195 < 3373f263bb647fcc3b5237cfaef757633b9ee25e | affected |
| Linux | Linux | b8fe128dad8f97cc9af7c55a264d1fc5ab677195 < 45379303124487db3a81219af7565d41f498167f | affected |
| Linux | Linux | b8fe128dad8f97cc9af7c55a264d1fc5ab677195 < 3a01b2614e84361aa222f67bc628593987e5cdb2 | affected |
| Linux | Linux | b8fe128dad8f97cc9af7c55a264d1fc5ab677195 < 2eead19334516c8e9927c11b448fbe512b1f18a1 | affected |
| Linux | Linux | 5.7 | affected |
| Linux | Linux | 0 < 5.7 | unaffected |
| Linux | Linux | 5.10.246 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.196 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.158 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.115 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.56 <= 6.12.* | unaffected |
| Linux | Linux | 6.17.6 <= 6.17.* | unaffected |
| Linux | Linux | 6.18 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/64da320252e43456cc9ec3055ff567f168467b37
- https://git.kernel.org/stable/c/02fbea0864fd4a863671f5d418129258d7159f68
- https://git.kernel.org/stable/c/a77f8434954cb1e9c42c3854e40855fdcf5ab235
- https://git.kernel.org/stable/c/3373f263bb647fcc3b5237cfaef757633b9ee25e
- https://git.kernel.org/stable/c/45379303124487db3a81219af7565d41f498167f
- https://git.kernel.org/stable/c/3a01b2614e84361aa222f67bc628593987e5cdb2
- https://git.kernel.org/stable/c/2eead19334516c8e9927c11b448fbe512b1f18a1
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.