CVE-2025-68177

Summary

In the Linux kernel, the following vulnerability has been resolved:

cpufreq/longhaul: handle NULL policy in longhaul_exit

longhaul_exit() was calling cpufreq_cpu_get(0) without checking for a NULL policy pointer. On some systems, this could lead to a NULL dereference and a kernel warning or panic.

This patch adds a check using unlikely() and returns early if the policy is NULL.

Bugzilla: #219962

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxb43a7ffbf33be7e4d3b10b7714ee663ea2c52fe2 < b02352dd2e6cca98777714cc2a27553191df70dbaffected
LinuxLinuxb43a7ffbf33be7e4d3b10b7714ee663ea2c52fe2 < 956b56d17a89775e4957bbddefa45cd3c6c71000affected
LinuxLinuxb43a7ffbf33be7e4d3b10b7714ee663ea2c52fe2 < 55cf586b9556863e3c2a45460aba71bcb2be5bcdaffected
LinuxLinuxb43a7ffbf33be7e4d3b10b7714ee663ea2c52fe2 < fd93e1d71b3b14443092919be12b1abf08de35ebaffected
LinuxLinuxb43a7ffbf33be7e4d3b10b7714ee663ea2c52fe2 < 8d6791c480f22d6e9a566eaa77336d3d37c5c591affected
LinuxLinuxb43a7ffbf33be7e4d3b10b7714ee663ea2c52fe2 < 64adabb6d9d51b7e7c02fe733346a2c4dd738488affected
LinuxLinuxb43a7ffbf33be7e4d3b10b7714ee663ea2c52fe2 < 809cf2a7794ca4c14c304b349f4c3ae220701ce4affected
LinuxLinuxb43a7ffbf33be7e4d3b10b7714ee663ea2c52fe2 < 592532a77b736b5153e0c2e4c74aa50af0a352abaffected
LinuxLinux3.10affected
LinuxLinux0 < 3.10unaffected
LinuxLinux5.4.302 <= 5.4.*unaffected
LinuxLinux5.10.247 <= 5.10.*unaffected
LinuxLinux5.15.197 <= 5.15.*unaffected
LinuxLinux6.1.159 <= 6.1.*unaffected
LinuxLinux6.6.117 <= 6.6.*unaffected
LinuxLinux6.12.58 <= 6.12.*unaffected
LinuxLinux6.17.8 <= 6.17.*unaffected
LinuxLinux6.18 <= *unaffected

Weaknesses

References