CVE-2025-38113

ACPI: CPPC: Fix NULL pointer dereference when nosmp is used

Published: 7/3/2025 Last updated: 11/3/2025 Reserved: 4/16/2025

In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Fix NULL pointer dereference when nosmp is used With nosmp in cmdline, other CPUs are not brought up, leaving their cpc_desc_ptr NULL. CPU0's iteration via for_each_possible_cpu() dereferences these NULL pointers, causing panic. Panic backtrace: [ 0.401123] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000b8 ... [ 0.403255] [<ffffffff809a5818>] cppc_allow_fast_switch+0x6a/0xd4 ... Kernel panic - not syncing: Attempted to kill init! [ rjw: New subject ]

CNA assigner: Linux (416baaa9-dc9f-4396-8d5f-8c081fb06d67) Requested by: n/a

Opam packages affected (27)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes orun rawlink rawlink-eio rawlink-lwt shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (4)

Product	Vendor	Version
Linux	Linux	< 71d58457a8afc650da5d3292a7f7029317654d95
Linux	Linux	<= 1.9.11
Linux	Linux	11.0
Linux	Linux	<= 0.13

CVE-2025-38113

ACPI: CPPC: Fix NULL pointer dereference when nosmp is used

Opam packages affected (27)

Products affected (4)

References (12)