CVE-2025-40194

NONE EPSS 6.8%
Published Nov 12, 20257mo ago · Modified Jun 17, 20262w ago
Find Similar
Published Nov 12, 2025 7mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() The cpufreq_cpu_put() call in update_qos_request() takes place too early because the latter subsequently calls freq_qos_update_request() that indirectly accesses the policy object in question through the QoS request object passed to it. Fortunately, update_qos_request() is called under intel_pstate_driver_lock, so this issue does not matter for changing the intel_pstate operation mode, but it theoretically can cause a crash to occur on CPU device hot removal (which currently can only happen in virt, but it is formally supported nevertheless). Address this issue by modifying update_qos_request() to drop the reference to the policy later.

Threat Intelligence

EPSS Exploit Probability
6.8% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

References 8

  • git.kernel.org https://git.kernel.org/stable/c/0a58d3e77b22b087a57831c87cafd360e144a5bd
  • git.kernel.org https://git.kernel.org/stable/c/15ac9579ebdaf22a37d7f60b3a8efc1029732ef9
  • git.kernel.org https://git.kernel.org/stable/c/57e4a6aadf12578b96a038373cffd54b3a58b092
  • git.kernel.org https://git.kernel.org/stable/c/69a18ff6c60e8e113420f15355fad862cb45d38e
  • git.kernel.org https://git.kernel.org/stable/c/69e5d50fcf4093fb3f9f41c4f931f12c2ca8c467
  • git.kernel.org https://git.kernel.org/stable/c/ad4e8f9bdbef11a19b7cb93e7f313bf59bdcc3b4
  • git.kernel.org https://git.kernel.org/stable/c/ba63d4e9857a72a89e71a4eff9f2cc8c283e94c3
  • git.kernel.org https://git.kernel.org/stable/c/bc26564bcc659beb6d977cd6eb394041ec2f2851

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.