| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025121630-CVE-2025-68177-5af8@gregkh> Date: Tue, 16 Dec 2025 14:43:38 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-68177: cpufreq/longhaul: handle NULL policy in longhaul_exit From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: cpufreq/longhaul: handle NULL policy in longhaul_exit longhaul_exit() was calling cpufreq_cpu_get(0) without checking for a NULL policy pointer. On some systems, this could lead to a NULL dereference and a kernel warning or panic. This patch adds a check using unlikely() and returns early if the policy is NULL. Bugzilla: #219962 The Linux kernel CVE team has assigned CVE-2025-68177 to this issue. Affected and fixed versions =========================== Fixed in 5.4.302 with commit b02352dd2e6cca98777714cc2a27553191df70db Fixed in 5.10.247 with commit 956b56d17a89775e4957bbddefa45cd3c6c71000 Fixed in 5.15.197 with commit 55cf586b9556863e3c2a45460aba71bcb2be5bcd Fixed in 6.1.159 with commit fd93e1d71b3b14443092919be12b1abf08de35eb Fixed in 6.6.117 with commit 8d6791c480f22d6e9a566eaa77336d3d37c5c591 Fixed in 6.12.58 with commit 64adabb6d9d51b7e7c02fe733346a2c4dd738488 Fixed in 6.17.8 with commit 809cf2a7794ca4c14c304b349f4c3ae220701ce4 Fixed in 6.18 with commit 592532a77b736b5153e0c2e4c74aa50af0a352ab Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-68177 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/cpufreq/longhaul.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/b02352dd2e6cca98777714cc2a27553191df70db https://git.kernel.org/stable/c/956b56d17a89775e4957bbddefa45cd3c6c71000 https://git.kernel.org/stable/c/55cf586b9556863e3c2a45460aba71bcb2be5bcd https://git.kernel.org/stable/c/fd93e1d71b3b14443092919be12b1abf08de35eb https://git.kernel.org/stable/c/8d6791c480f22d6e9a566eaa77336d3d37c5c591 https://git.kernel.org/stable/c/64adabb6d9d51b7e7c02fe733346a2c4dd738488 https://git.kernel.org/stable/c/809cf2a7794ca4c14c304b349f4c3ae220701ce4 https://git.kernel.org/stable/c/592532a77b736b5153e0c2e4c74aa50af0a352ab
Powered by blists - more mailing lists