PT-2025-46751 · Intel+4 · Intel Pstate+4

Published

2025-09-05

·

Updated

2026-05-07

·

CVE-2025-40194

CVSS v2.0

4.6

Medium

VectorAV:L/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description An issue exists in the Linux kernel related to the cpufreq subsystem and intel pstate driver. Specifically, a problem with object lifecycle management within the update qos request() function can occur. The cpufreq cpu put() call happens prematurely, potentially leading to a crash during CPU device hot removal, although this is currently limited to virtualized environments. The issue arises because update qos request() calls freq qos update request(), which accesses a policy object through a QoS request object. The problem is mitigated by the intel pstate driver lock during operation mode changes.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

CWE-399

Related Identifiers

AZL-70094
BDU:2025-14579
CVE-2025-40194
DLA-4379-1
DLA-4404-1
OESA-2025-2764
OESA-2025-2765
OESA-2025-2766
OESA-2025-2767
OESA-2025-2769
OPENSUSE-SU-2025:20172-1
SUSE-SU-2025:4393-1
SUSE-SU-2025:4422-1
SUSE-SU-2025:4505-1
SUSE-SU-2025:4516-1
SUSE-SU-2025:4517-1
SUSE-SU-2025:4521-1
SUSE-SU-2026:20012-1
SUSE-SU-2026:20015-1
SUSE-SU-2026:20021-1
SUSE-SU-2026:20039-1
SUSE-SU-2026:20059-1
SUSE-SU-2026:20473-1
SUSE-SU-2026:20496-1
USN-8029-1
USN-8029-2
USN-8029-3
USN-8030-1
USN-8033-1
USN-8033-2
USN-8033-3
USN-8033-4
USN-8033-5
USN-8033-6
USN-8033-7
USN-8033-8
USN-8034-1
USN-8034-2
USN-8048-1
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8141-1
USN-8163-1
USN-8163-2
USN-8165-1
USN-8243-1
USN-8261-1

Affected Products

Debian
Linuxmint
Linux Kernel
Ubuntu
Intel Pstate