| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025111245-CVE-2025-40194-d959@gregkh> Date: Wed, 12 Nov 2025 17:00:57 -0500 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-40194: cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() The cpufreq_cpu_put() call in update_qos_request() takes place too early because the latter subsequently calls freq_qos_update_request() that indirectly accesses the policy object in question through the QoS request object passed to it. Fortunately, update_qos_request() is called under intel_pstate_driver_lock, so this issue does not matter for changing the intel_pstate operation mode, but it theoretically can cause a crash to occur on CPU device hot removal (which currently can only happen in virt, but it is formally supported nevertheless). Address this issue by modifying update_qos_request() to drop the reference to the policy later. The Linux kernel CVE team has assigned CVE-2025-40194 to this issue. Affected and fixed versions =========================== Issue introduced in 5.4 with commit da5c504c7aae96db68c4b38e2564a88e91842d89 and fixed in 5.4.301 with commit 15ac9579ebdaf22a37d7f60b3a8efc1029732ef9 Issue introduced in 5.4 with commit da5c504c7aae96db68c4b38e2564a88e91842d89 and fixed in 5.10.246 with commit bc26564bcc659beb6d977cd6eb394041ec2f2851 Issue introduced in 5.4 with commit da5c504c7aae96db68c4b38e2564a88e91842d89 and fixed in 5.15.195 with commit ad4e8f9bdbef11a19b7cb93e7f313bf59bdcc3b4 Issue introduced in 5.4 with commit da5c504c7aae96db68c4b38e2564a88e91842d89 and fixed in 6.1.157 with commit 0a58d3e77b22b087a57831c87cafd360e144a5bd Issue introduced in 5.4 with commit da5c504c7aae96db68c4b38e2564a88e91842d89 and fixed in 6.6.113 with commit 69a18ff6c60e8e113420f15355fad862cb45d38e Issue introduced in 5.4 with commit da5c504c7aae96db68c4b38e2564a88e91842d89 and fixed in 6.12.54 with commit ba63d4e9857a72a89e71a4eff9f2cc8c283e94c3 Issue introduced in 5.4 with commit da5c504c7aae96db68c4b38e2564a88e91842d89 and fixed in 6.17.4 with commit 57e4a6aadf12578b96a038373cffd54b3a58b092 Issue introduced in 5.4 with commit da5c504c7aae96db68c4b38e2564a88e91842d89 and fixed in 6.18-rc1 with commit 69e5d50fcf4093fb3f9f41c4f931f12c2ca8c467 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-40194 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/cpufreq/intel_pstate.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/15ac9579ebdaf22a37d7f60b3a8efc1029732ef9 https://git.kernel.org/stable/c/bc26564bcc659beb6d977cd6eb394041ec2f2851 https://git.kernel.org/stable/c/ad4e8f9bdbef11a19b7cb93e7f313bf59bdcc3b4 https://git.kernel.org/stable/c/0a58d3e77b22b087a57831c87cafd360e144a5bd https://git.kernel.org/stable/c/69a18ff6c60e8e113420f15355fad862cb45d38e https://git.kernel.org/stable/c/ba63d4e9857a72a89e71a4eff9f2cc8c283e94c3 https://git.kernel.org/stable/c/57e4a6aadf12578b96a038373cffd54b3a58b092 https://git.kernel.org/stable/c/69e5d50fcf4093fb3f9f41c4f931f12c2ca8c467
Powered by blists - more mailing lists