CVE-2025-37829 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() cpufreq_cpu_get_raw() can return NULL when the target CPU is not present in the policy->cpus mask. scpi_cpufreq_get_rate() does not check for this case, which results in a NULL pointer dereference.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00047.

Key SSVC decision points have not yet been added.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/124bddf123311cd1f18bffd63a5d974468d59c67
https://git.kernel.org/stable/c/19e0eaa62e8831f2bc0285fef3bf8faaa7f3e09b
https://git.kernel.org/stable/c/28fbd7b13b4d3074b16db913aedc9d8d37ab41e7
https://git.kernel.org/stable/c/73b24dc731731edf762f9454552cb3a5b7224949
https://git.kernel.org/stable/c/8fbaa76690f67a7cbad315f89d607b46e3e06ede
https://git.kernel.org/stable/c/ad4796f2da495b2cbbd0fccccbcbf63f2aeee613
https://git.kernel.org/stable/c/da8ee91e532486055ecf88478d38c2f3dc234182
https://git.kernel.org/stable/c/fdf035d9c5436536ffcfea0ac6adeb5dda3c3a23
https://lore.kernel.org/linux-cve-announce/2025050823-CVE-2025-37829-99f4@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-37829
https://www.cve.org/CVERecord?id=CVE-2025-37829

History

Tue, 15 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00035}`	epss `{'score': 0.00036}`

Fri, 09 May 2025 02:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025050823-CVE-2025-37829-99f4@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-37829 https://www.cve.org/CVERecord?id=CVE-2025-37829
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Thu, 08 May 2025 06:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() cpufreq_cpu_get_raw() can return NULL when the target CPU is not present in the policy->cpus mask. scpi_cpufreq_get_rate() does not check for this case, which results in a NULL pointer dereference.
Title		cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate()
References		https://git.kernel.org/stable/c/124bddf123311cd1f18bffd63a5d974468d59c67 https://git.kernel.org/stable/c/19e0eaa62e8831f2bc0285fef3bf8faaa7f3e09b https://git.kernel.org/stable/c/28fbd7b13b4d3074b16db913aedc9d8d37ab41e7 https://git.kernel.org/stable/c/73b24dc731731edf762f9454552cb3a5b7224949 https://git.kernel.org/stable/c/8fbaa76690f67a7cbad315f89d607b46e3e06ede https://git.kernel.org/stable/c/ad4796f2da495b2cbbd0fccccbcbf63f2aeee613 https://git.kernel.org/stable/c/da8ee91e532486055ecf88478d38c2f3dc234182 https://git.kernel.org/stable/c/fdf035d9c5436536ffcfea0ac6adeb5dda3c3a23

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-05-08T06:26:21.061Z

Updated: 2025-05-26T05:21:46.989Z

Reserved: 2025-04-16T04:51:23.951Z

Link: CVE-2025-37829

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-05-08T07:15:54.130

Modified: 2025-05-08T14:39:09.683

Link: CVE-2025-37829

Redhat

Severity : Moderate

Publid Date: 2025-05-08T00:00:00Z

Links: CVE-2025-37829 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object