Home Embedded Vulns General Vulns

CVE-2025-38113

Our Analysis: Embedded

Our model has classified this vulnerability as relevant to Embedded Systems, helping your team prioritize efforts effectively.

Published Date July 3, 2025
Last Modified July 3, 2025
CVSS Vector Not Available

Description

In the Linux kernel, the following vulnerability has been resolved:

ACPI: CPPC: Fix NULL pointer dereference when nosmp is used

With nosmp in cmdline, other CPUs are not brought up, leaving
their cpc_desc_ptr NULL. CPU0's iteration via for_each_possible_cpu()
dereferences these NULL pointers, causing panic.

Panic backtrace:

[ 0.401123] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000b8
...
[ 0.403255] [<ffffffff809a5818>] cppc_allow_fast_switch+0x6a/0xd4
...
Kernel panic - not syncing: Attempted to kill init!

[ rjw: New subject ]