Joyyoung Huang

Researcher from OPPO
#46540 of 53,633
5.5 Total CVSS
Vulnerabilities · 1
PT-2024-14672
5.5
2023-11-25
Linux · Linux Kernel · CVE-2023-52635
**Name of the Vulnerable Software and Affected Versions**

Linux kernel versions prior to 5.10.149

**Description**

The vulnerability is related to the devfreq driver in the Linux kernel. It occurs when the governor is frequently switched in a loop, resulting in timer list corruption. This corruption happens because timer cancel is done from two places: one from `cancel_delayed_work_sync()` and the other from `expire_timers()`. The issue can be resolved by synchronizing `devfreq_monitor_[start/stop]` using a polling flag and devfreq lock to prevent delayed work and timer instance corruption.

**Recommendations**

To resolve the issue, update the Linux kernel to a version that includes the fix for this vulnerability. If an update is not available, consider applying a patch that synchronizes `devfreq_monitor_[start/stop]` to prevent timer list corruption. As a temporary workaround, avoid frequently switching the governor in a loop to minimize the risk of exploitation.