CVE-2025-37830 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() cpufreq_cpu_get_raw() can return NULL when the target CPU is not present in the policy->cpus mask. scmi_cpufreq_get_rate() does not check for this case, which results in a NULL pointer dereference. Add NULL check after cpufreq_cpu_get_raw() to prevent this issue.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00047.

Key SSVC decision points have not yet been added.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/484d3f15cc6cbaa52541d6259778e715b2c83c54
https://git.kernel.org/stable/c/4e3d1c1925d8e752992cd893d03d974e6807ac16
https://git.kernel.org/stable/c/7ccfadfb2562337b4f0462a86a9746a6eea89718
https://git.kernel.org/stable/c/cfaca93b8fe317b7faa9af732e0ba8c9081fa018
https://git.kernel.org/stable/c/ea834c90aa7cc80a1b456f7a91432734d5087d16
https://git.kernel.org/stable/c/f9c5423855e3687262d881aeee5cfb3bc8577bff
https://lore.kernel.org/linux-cve-announce/2025050823-CVE-2025-37830-2d36@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-37830
https://www.cve.org/CVERecord?id=CVE-2025-37830

History

Tue, 15 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00035}`	epss `{'score': 0.00036}`

Fri, 09 May 2025 02:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025050823-CVE-2025-37830-2d36@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-37830 https://www.cve.org/CVERecord?id=CVE-2025-37830
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Thu, 08 May 2025 06:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() cpufreq_cpu_get_raw() can return NULL when the target CPU is not present in the policy->cpus mask. scmi_cpufreq_get_rate() does not check for this case, which results in a NULL pointer dereference. Add NULL check after cpufreq_cpu_get_raw() to prevent this issue.
Title		cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate()
References		https://git.kernel.org/stable/c/484d3f15cc6cbaa52541d6259778e715b2c83c54 https://git.kernel.org/stable/c/4e3d1c1925d8e752992cd893d03d974e6807ac16 https://git.kernel.org/stable/c/7ccfadfb2562337b4f0462a86a9746a6eea89718 https://git.kernel.org/stable/c/cfaca93b8fe317b7faa9af732e0ba8c9081fa018 https://git.kernel.org/stable/c/ea834c90aa7cc80a1b456f7a91432734d5087d16 https://git.kernel.org/stable/c/f9c5423855e3687262d881aeee5cfb3bc8577bff

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-05-08T06:26:21.736Z

Updated: 2025-05-26T05:21:48.324Z

Reserved: 2025-04-16T04:51:23.951Z

Link: CVE-2025-37830

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-05-08T07:15:54.240

Modified: 2025-05-08T14:39:09.683

Link: CVE-2025-37830

Redhat

Severity : Moderate

Publid Date: 2025-05-08T00:00:00Z

Links: CVE-2025-37830 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object