CVE-2025-40194

Source: https://nvd.nist.gov/vuln/detail/CVE-2025-40194
Import Source: https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40194.json
JSON Data: https://api.test.osv.dev/v1/vulns/CVE-2025-40194
Published: 2025-11-12T21:56:32.025Z
Modified: 2025-11-27T02:33:55.796117Z
Summary
cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request()
Details

In the Linux kernel, the following vulnerability has been resolved:

cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request()

The cpufreq_cpu_put() call in update_qos_request() takes place too early because the latter subsequently calls freq_qos_update_request() that indirectly accesses the policy object in question through the QoS request object passed to it.

Fortunately, update_qos_request() is called under intel_pstate_driver_lock, so this issue does not matter for changing the intel_pstate operation mode, but it theoretically can cause a crash to occur on CPU device hot removal (which currently can only happen in virt, but it is formally supported nevertheless).

Address this issue by modifying update_qos_request() to drop the reference to the policy later.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/blob/cc431b3424123d84bcd7afd4de150b33f117a8ef/cves/2025/40xxx/CVE-2025-40194.json"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events (each range is introduced by the same commit):
Introduced: da5c504c7aae96db68c4b38e2564a88e91842d89
Fixed: 15ac9579ebdaf22a37d7f60b3a8efc1029732ef9
Fixed: bc26564bcc659beb6d977cd6eb394041ec2f2851
Fixed: ad4e8f9bdbef11a19b7cb93e7f313bf59bdcc3b4
Fixed: 0a58d3e77b22b087a57831c87cafd360e144a5bd
Fixed: 69a18ff6c60e8e113420f15355fad862cb45d38e
Fixed: ba63d4e9857a72a89e71a4eff9f2cc8c283e94c3
Fixed: 57e4a6aadf12578b96a038373cffd54b3a58b092
Fixed: 69e5d50fcf4093fb3f9f41c4f931f12c2ca8c467

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events:
Introduced: 5.4.0, Fixed: 5.4.301
Introduced: 5.5.0, Fixed: 5.10.246
Introduced: 5.11.0, Fixed: 5.15.195
Introduced: 5.16.0, Fixed: 6.1.157
Introduced: 6.2.0, Fixed: 6.6.113
Introduced: 6.7.0, Fixed: 6.12.54
Introduced: 6.13.0, Fixed: 6.17.4