CVE-2025-68177

longhaulexit() was calling cpufreqcpu_get(0) without checking for a NULL policy pointer. On some systems, this could lead to a NULL dereference and a kernel warning or panic.

This patch adds a check using unlikely() and returns early if the policy is NULL.

Bugzilla: #219962

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68177.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

b43a7ffbf33be7e4d3b10b7714ee663ea2c52fe2

Fixed

b02352dd2e6cca98777714cc2a27553191df70db

Fixed

956b56d17a89775e4957bbddefa45cd3c6c71000

Fixed

55cf586b9556863e3c2a45460aba71bcb2be5bcd

Fixed

fd93e1d71b3b14443092919be12b1abf08de35eb

Fixed

8d6791c480f22d6e9a566eaa77336d3d37c5c591

Fixed

64adabb6d9d51b7e7c02fe733346a2c4dd738488

Fixed

809cf2a7794ca4c14c304b349f4c3ae220701ce4

Fixed

592532a77b736b5153e0c2e4c74aa50af0a352ab

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68177.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.10.0

Fixed

5.4.302

Type: ECOSYSTEM
Events: Introduced

5.5.0

Fixed

5.10.247

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.197

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.159

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.117

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.58

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.17.8

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68177.json"