Описание
In the Linux kernel, the following vulnerability has been resolved:
ACPI: processor: perflib: Move problematic pr->performance check
Commit d33bd88ac0eb ("ACPI: processor: perflib: Fix initial _PPC limit application") added a pr->performance check that prevents the frequency QoS request from being added when the given processor has no performance object. Unfortunately, this causes a WARN() in freq_qos_remove_request() to trigger on an attempt to take the given CPU offline later because the frequency QoS object has not been added for it due to the missing performance object.
Address this by moving the pr->performance check before calling acpi_processor_get_platform_limit() so it only prevents a limit from being set for the CPU if the performance object is not present. This way, the frequency QoS request is added as it was before the above commit and it is present all the time along with the CPU's cpufreq policy regardless of whether or not the CPU is online.
In the Linux kernel, the following vulnerability has been resolved:
ACPI: processor: perflib: Move problematic pr->performance check
Commit d33bd88ac0eb ("ACPI: processor: perflib: Fix initial _PPC limit application") added a pr->performance check that prevents the frequency QoS request from being added when the given processor has no performance object. Unfortunately, this causes a WARN() in freq_qos_remove_request() to trigger on an attempt to take the given CPU offline later because the frequency QoS object has not been added for it due to the missing performance object.
Address this by moving the pr->performance check before calling acpi_processor_get_platform_limit() so it only prevents a limit from being set for the CPU if the performance object is not present. This way, the frequency QoS request is added as it was before the above commit and it is present all the time along with the CPU's cpufreq policy regardless of whether or not the CPU is online.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-39799
- https://git.kernel.org/stable/c/19849010c9e18d54375091864a3313fc328d6186
- https://git.kernel.org/stable/c/31ee723d6fc581b76396994a96b85be3e87f67d6
- https://git.kernel.org/stable/c/8972d7dbdac029c9dbf62a45d7d8c71999785765
- https://git.kernel.org/stable/c/bf2809541497749c4f2646b87bf75244f5a2a5d9
- https://git.kernel.org/stable/c/cb4b5f4a1e778f6a20d06d4eda6842714a817618
- https://git.kernel.org/stable/c/d405ec23df13e6df599f5bd965a55d13420366b8
- https://git.kernel.org/stable/c/edc065c19257adfd9c356178dac021df661e169e
- https://git.kernel.org/stable/c/fc36403e741d7674a44632313db33fa7605cb2b4
- https://git.kernel.org/stable/c/fd9cad6b0676e0bb3a98ee0a8865a86e2f53eb07
CVE ID
Связанные уязвимости
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
ACPI: processor: perflib: Move problematic pr->performance check
ELSA-2025-20662: Unbreakable Enterprise kernel security update (IMPORTANT)