Primary

Context

Linux Kernel Cpufreq Longhaul NULL Pointer Dereference Vulnerability

Vulnerability

Patched

A vulnerability in the Linux kernel's cpufreq longhaul driver could lead to a NULL pointer dereference, causing a kernel warning or panic. This issue arises because the longhaul_exit function calls cpufreq_cpu_get(0) without verifying if the policy pointer is NULL. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability can lead to a NULL pointer dereference, causing a kernel warning or panic.

Reproduction

The vulnerability can be reproduced by loading the cpufreq longhaul driver and then unloading it. The longhaul_exit function will be called, which triggers the NULL pointer dereference if the policy is not properly initialized.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.

Added: Dec 16, 2025, 5:03 PM

Updated: Dec 16, 2025, 5:03 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.7

remediation

7.7

relevance

1.4

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.7

remediation

7.7

relevance

1.4

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Cpufreq Longhaul NULL Pointer Dereference Vulnerability

Vulnerability

Impact

Reproduction

Remediation

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating