CVE-2025-38610

MEDIUM EPSS 4.2%
Published Aug 19, 202510mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Aug 19, 2025 10mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() The get_pd_power_uw() function can crash with a NULL pointer dereference when em_cpu_get() returns NULL. This occurs when a CPU becomes impossible during runtime, causing get_cpu_device() to return NULL, which propagates through em_cpu_get() and leads to a crash when em_span_cpus() dereferences the NULL pointer. Add a NULL check after em_cpu_get() and return 0 if unavailable, matching the existing fallback behavior in __dtpm_cpu_setup(). [ rjw: Drop an excess empty code line ]

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
4.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 6

VendorProductVersionRange
linuxlinux_kernel*≥5.16  –  <6.1.148
linuxlinux_kernel*≥6.2  –  <6.6.102
linuxlinux_kernel*≥6.7  –  <6.12.42
linuxlinux_kernel*≥6.13  –  <6.15.10
linuxlinux_kernel*≥6.16  –  <6.16.1
debiandebian_linux11.0any

References 7

  • git.kernel.org https://git.kernel.org/stable/c/27914f2b795e2b58e9506f281dcdd98fef09d3c2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/27e0318f0ea69fcfa32228847debc384ade14578
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2fd001a0075ac01dc64a28a8e21226b3d989a91d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/46dc57406887dd02565cb264224194a6776d882b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8374ac7d69a57d737e701a851ffe980a0d27d3ad
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c6ec27091cf5ac05094c1fe3a6ce914cf711a37c
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
    Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/27914f2b795e2b58e9506f281dcdd98fef09d3c2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/27e0318f0ea69fcfa32228847debc384ade14578
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2fd001a0075ac01dc64a28a8e21226b3d989a91d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/46dc57406887dd02565cb264224194a6776d882b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8374ac7d69a57d737e701a851ffe980a0d27d3ad
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c6ec27091cf5ac05094c1fe3a6ce914cf711a37c
    Patch