| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025091224-CVE-2025-39799-768d@gregkh>
Date: Fri, 12 Sep 2025 17:59:29 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2025-39799: ACPI: processor: perflib: Move problematic pr->performance check
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
ACPI: processor: perflib: Move problematic pr->performance check
Commit d33bd88ac0eb ("ACPI: processor: perflib: Fix initial _PPC limit
application") added a pr->performance check that prevents the frequency
QoS request from being added when the given processor has no performance
object. Unfortunately, this causes a WARN() in freq_qos_remove_request()
to trigger on an attempt to take the given CPU offline later because the
frequency QoS object has not been added for it due to the missing
performance object.
Address this by moving the pr->performance check before calling
acpi_processor_get_platform_limit() so it only prevents a limit from
being set for the CPU if the performance object is not present. This
way, the frequency QoS request is added as it was before the above
commit and it is present all the time along with the CPU's cpufreq
policy regardless of whether or not the CPU is online.
The Linux kernel CVE team has assigned CVE-2025-39799 to this issue.
Affected and fixed versions
===========================
Issue introduced in 6.17-rc1 with commit d33bd88ac0ebb49e7f7c8f29a8c7ee9eae85d765 and fixed in 6.17-rc2 with commit d405ec23df13e6df599f5bd965a55d13420366b8
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2025-39799
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/acpi/processor_perflib.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/cb4b5f4a1e778f6a20d06d4eda6842714a817618
https://git.kernel.org/stable/c/fc36403e741d7674a44632313db33fa7605cb2b4
https://git.kernel.org/stable/c/edc065c19257adfd9c356178dac021df661e169e
https://git.kernel.org/stable/c/fd9cad6b0676e0bb3a98ee0a8865a86e2f53eb07
https://git.kernel.org/stable/c/19849010c9e18d54375091864a3313fc328d6186
https://git.kernel.org/stable/c/bf2809541497749c4f2646b87bf75244f5a2a5d9
https://git.kernel.org/stable/c/8972d7dbdac029c9dbf62a45d7d8c71999785765
https://git.kernel.org/stable/c/31ee723d6fc581b76396994a96b85be3e87f67d6
https://git.kernel.org/stable/c/d405ec23df13e6df599f5bd965a55d13420366b8
Powered by blists - more mailing lists