PT-2025-20360 · Linux+5 · Linux Kernel+5

Published

2025-04-09

·

Updated

2026-05-22

·

CVE-2025-37831

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A null pointer dereference issue was found in the Linux kernel's cpufreq subsystem, specifically in the apple-soc driver. The apple soc cpufreq get rate() function does not check if cpufreq cpu get raw() returns NULL when the target CPU is not present in the policy->cpus mask, resulting in a NULL pointer dereference.
Recommendations As a temporary workaround, consider disabling the apple soc cpufreq get rate() function until a patch is available. Restrict access to the vulnerable cpufreq subsystem to minimize the risk of exploitation. Avoid using the cpufreq cpu get raw() function in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

NULL Pointer Dereference

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2025-12143
CVE-2025-37831
MGASA-2025-0182
MGASA-2025-0183
OESA-2026-2417
OESA-2026-2418
SUSE-SU-2025:01919-1
SUSE-SU-2025:01951-1
SUSE-SU-2025:01964-1
SUSE-SU-2025:01965-1
SUSE-SU-2025:01967-1
SUSE-SU-2025:01972-1
SUSE-SU-2025:02000-1
SUSE-SU-2025:20408-1
SUSE-SU-2025:20413-1
SUSE-SU-2025:20419-1
SUSE-SU-2025:20421-1
SUSE-SU-2025_01951-1
SUSE-SU-2025_01964-1
SUSE-SU-2025_01965-1
SUSE-SU-2025_01967-1
SUSE-SU-2025_01972-1
SUSE-SU-2025_02000-1
USN-7594-1
USN-7594-2
USN-7594-3
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu