CVE-2025-38610
BaseFortify
Publication date: 2025-08-19
Last updated on: 2025-11-03
Assigner: kernel.org
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.1.153-1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a NULL pointer dereference in the Linux kernel's powercap subsystem, specifically in the dtpm_cpu component. The function get_pd_power_uw() can crash when em_cpu_get() returns NULL, which happens if a CPU becomes impossible during runtime. This leads to get_cpu_device() returning NULL, propagating through em_cpu_get(), and causing a crash when em_span_cpus() dereferences the NULL pointer. The fix adds a NULL check after em_cpu_get() to prevent the crash.
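The call chain in this answer, as a simplified userspace model added here for illustration (it is not kernel source and not part of the original page). The struct layouts, the sample values and the name get_pd_power_uw_checked are assumptions; the model shows the NULL propagating from get_cpu_device() through em_cpu_get() and the check that stops it before em_span_cpus() dereferences it.

```c
#include <stddef.h>
#define NR_CPUS 4

/* Simplified stand-ins for the kernel types; layouts are assumptions. */
struct em_perf_domain { unsigned long cpus; unsigned long power_uw; };
struct device { struct em_perf_domain *em_pd; };

/* Constructed sample data: one performance domain spanning CPUs 0-3. */
static struct em_perf_domain pd0 = { 0xFUL, 1500000UL };
static struct device cpu_devs[NR_CPUS] = { {&pd0}, {&pd0}, {&pd0}, {&pd0} };
static unsigned long possible_mask = 0xFUL;

/* Model: returns NULL once the CPU is no longer possible. */
static struct device *get_cpu_device(int cpu)
{
    if (cpu < 0 || cpu >= NR_CPUS || !(possible_mask & (1UL << cpu)))
        return NULL;
    return &cpu_devs[cpu];
}

/* The NULL from get_cpu_device() propagates to the caller. */
static struct em_perf_domain *em_cpu_get(int cpu)
{
    struct device *dev = get_cpu_device(cpu);
    return dev ? dev->em_pd : NULL;
}

/* Dereferences pd unconditionally: a NULL pd faults here. */
static unsigned long em_span_cpus(const struct em_perf_domain *pd)
{
    return pd->cpus;
}

/* Guarded pattern; the -1 error value is this model's choice, not the kernel's. */
int get_pd_power_uw_checked(int cpu, unsigned long *power_uw)
{
    struct em_perf_domain *pd = em_cpu_get(cpu);
    if (!pd || !(em_span_cpus(pd) & (1UL << cpu)))
        return -1;
    *power_uw = pd->power_uw;
    return 0;
}

int main(void)
{
    unsigned long uw = 0;
    possible_mask &= ~(1UL << 1);   /* CPU 1 stops being possible */
    return get_pd_power_uw_checked(1, &uw) == -1 ? 0 : 1;
}
```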
How can this vulnerability impact me?
This vulnerability can cause the Linux kernel to crash due to a NULL pointer dereference, potentially leading to system instability or denial of service if the affected function is triggered during runtime.
What immediate steps should I take to mitigate this vulnerability?
Update the Linux kernel to a version that includes the fix for this vulnerability, which adds a NULL check in the get_pd_power_uw() function to prevent crashes caused by NULL pointer dereferences. This is the recommended mitigation to avoid system crashes related to this issue.