CVE-2025-38113

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-38113
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38113.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38113
Downstream
Related
Published
2025-07-03T08:35:22.207Z
Modified
2025-11-28T02:35:37.493417Z
Summary
ACPI: CPPC: Fix NULL pointer dereference when nosmp is used
Details

In the Linux kernel, the following vulnerability has been resolved:

ACPI: CPPC: Fix NULL pointer dereference when nosmp is used

With nosmp in cmdline, other CPUs are not brought up, leaving their cpcdescptr NULL. CPU0's iteration via foreachpossible_cpu() dereferences these NULL pointers, causing panic.

Panic backtrace:

[ 0.401123] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000b8 ... [ 0.403255] [<ffffffff809a5818>] cppcallowfast_switch+0x6a/0xd4 ... Kernel panic - not syncing: Attempted to kill init!

[ rjw: New subject ]

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38113.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
3cc30dd00a580ca0c9c0b01639841cfd72d10129
Fixed
356d09c7f5bf525086002a34f8bae40b134d1611
Fixed
c6dad167aade4bf0bef9130f2f149f4249fc4ad0
Fixed
32a48db4cf28ea087214c261da8476db218d08bd
Fixed
1a677d0ceb4a5d62117b711a8b2e0aee80d33015
Fixed
15eece6c5b05e5f9db0711978c3e3b7f1a2cfe12

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.19.0
Fixed
6.1.142
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.94
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.34
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.15.3