ghsa-3x2h-jpxc-pv8r
Vulnerability from github
Published
2025-09-12 18:31
Modified
2025-09-12 18:31
Details

In the Linux kernel, the following vulnerability has been resolved:

ACPI: processor: perflib: Move problematic pr->performance check

Commit d33bd88ac0eb ("ACPI: processor: perflib: Fix initial _PPC limit application") added a pr->performance check that prevents the frequency QoS request from being added when the given processor has no performance object. Unfortunately, this causes a WARN() in freq_qos_remove_request() to trigger on an attempt to take the given CPU offline later because the frequency QoS object has not been added for it due to the missing performance object.

Address this by moving the pr->performance check before calling acpi_processor_get_platform_limit() so it only prevents a limit from being set for the CPU if the performance object is not present. This way, the frequency QoS request is added as it was before the above commit and it is present all the time along with the CPU's cpufreq policy regardless of whether or not the CPU is online.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2025-39799"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-12T16:15:34Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: processor: perflib: Move problematic pr-\u003eperformance check\n\nCommit d33bd88ac0eb (\"ACPI: processor: perflib: Fix initial _PPC limit\napplication\") added a pr-\u003eperformance check that prevents the frequency\nQoS request from being added when the given processor has no performance\nobject.  Unfortunately, this causes a WARN() in freq_qos_remove_request()\nto trigger on an attempt to take the given CPU offline later because the\nfrequency QoS object has not been added for it due to the missing\nperformance object.\n\nAddress this by moving the pr-\u003eperformance check before calling\nacpi_processor_get_platform_limit() so it only prevents a limit from\nbeing set for the CPU if the performance object is not present.  This\nway, the frequency QoS request is added as it was before the above\ncommit and it is present all the time along with the CPU\u0027s cpufreq\npolicy regardless of whether or not the CPU is online.",
  "id": "GHSA-3x2h-jpxc-pv8r",
  "modified": "2025-09-12T18:31:10Z",
  "published": "2025-09-12T18:31:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39799"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/19849010c9e18d54375091864a3313fc328d6186"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/31ee723d6fc581b76396994a96b85be3e87f67d6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8972d7dbdac029c9dbf62a45d7d8c71999785765"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bf2809541497749c4f2646b87bf75244f5a2a5d9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cb4b5f4a1e778f6a20d06d4eda6842714a817618"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d405ec23df13e6df599f5bd965a55d13420366b8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/edc065c19257adfd9c356178dac021df661e169e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fc36403e741d7674a44632313db33fa7605cb2b4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fd9cad6b0676e0bb3a98ee0a8865a86e2f53eb07"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.