PT-2025-27699 · Linux+6 · Linux Kernel+6

Published

2025-07-03

·

Updated

2026-05-22

·

CVE-2025-38113

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A NULL pointer dereference issue has been identified in the Linux kernel, specifically in the ACPI CPPC component. This issue occurs when the nosmp parameter is used in the command line, preventing other CPUs from being brought up and leaving their cpc desc ptr as NULL. As a result, CPU0's iteration via for each possible cpu() dereferences these NULL pointers, causing a kernel panic. The panic backtrace indicates that the issue is related to the cppc allow fast switch() function.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

NULL Pointer Dereference

Weakness Enumeration

CWE-476

Related Identifiers

AZL-64619
BDU:2025-10778
CVE-2025-38113
DLA-4328-1
DSA-5973-1
ECHO-D6B4-CCCC-99BC
MGASA-2025-0218
MGASA-2025-0219
OESA-2026-2417
OESA-2026-2418
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:02853-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:02969-1
SUSE-SU-2025:02996-1
SUSE-SU-2025:02997-1
SUSE-SU-2025:03011-1
SUSE-SU-2025:03023-1
SUSE-SU-2025:20577-1
SUSE-SU-2025:20586-1
SUSE-SU-2025:20601-1
SUSE-SU-2025:20602-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025_02853-1
SUSE-SU-2025_02969-1
SUSE-SU-2025_02996-1
SUSE-SU-2025_02997-1
SUSE-SU-2025_03011-1
SUSE-SU-2025_03023-1
USN-7769-1
USN-7769-2
USN-7769-3
USN-7770-1
USN-7771-1
USN-7789-1
USN-7789-2
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu