CVE-2025-68177
Description
In the Linux kernel, the following vulnerability has been resolved:
cpufreq/longhaul: handle NULL policy in longhaul_exit
longhaul_exit() was calling cpufreq_cpu_get(0) without checking for a NULL policy pointer. On some systems, this could lead to a NULL dereference and a kernel warning or panic.
This patch adds a check using unlikely() and returns early if the policy is NULL.
Bugzilla: #219962
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A NULL pointer dereference in the Linux kernel's cpufreq longhaul_exit() function could cause a kernel crash on systems using the longhaul CPU frequency scaling driver.
Overview
In the Linux kernel, the longhaul_exit() function in the cpufreq/longhaul driver called cpufreq_cpu_get(0) without first verifying that the returned policy pointer was not NULL. The kernel's official description notes that on some systems this could lead to a NULL pointer dereference, resulting in a kernel warning or panic [1].
Exploitation
To trigger this vulnerability, an attacker would need to be able to unload the longhaul cpufreq driver or cause its exit routine to be invoked. The prerequisite is a system where the longhaul driver is in use and where cpufreq_cpu_get(0) may return NULL. The attack requires local access or the ability to manipulate CPU frequency scaling module states. The bug is reachable through normal module unload sequences when the policy is unexpectedly missing.
Impact
Successful exploitation can cause a denial of service (kernel panic) on affected systems, potentially crashing the machine or causing instability. No privilege escalation is described.
Mitigation
The fix adds a check using the unlikely() macro and returns early if the policy pointer is NULL [1]. Patched versions are available via the stable kernel trees [1][2][3]. Administrators should update to a kernel version containing the commit.
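The guard described above, modeled in user space as an added example (not the kernel's or the driver's code). struct policy, model_cpu_get(), model_cpu_put(), exit_unpatched() and exit_patched() are hypothetical stand-ins, and the frequencies are constructed values.

```c
/* User-space model; all names are hypothetical stand-ins, not kernel code. */
#include <stddef.h>
#include <stdio.h>

#define unlikely(x) __builtin_expect(!!(x), 0)

struct policy { unsigned int cur; int refs; };
static struct policy cpu0_policy = { .cur = 800000, .refs = 0 };
static int policy_registered = 1;   /* 0 models "no policy for CPU 0" */

/* Stand-in for cpufreq_cpu_get(): takes a reference, or returns NULL. */
static struct policy *model_cpu_get(int cpu)
{
    if (cpu != 0 || !policy_registered)
        return NULL;
    cpu0_policy.refs++;
    return &cpu0_policy;
}

static void model_cpu_put(struct policy *p) { p->refs--; }

/* Before: uses the result unconditionally, so a NULL return faults here. */
static unsigned int exit_unpatched(unsigned int max_khz)
{
    struct policy *p = model_cpu_get(0);
    unsigned int old = p->cur;      /* NULL dereference when p == NULL */
    p->cur = max_khz;
    model_cpu_put(p);
    return old;
}

/* After: guard first, return early, and never touch or put a NULL policy. */
static int exit_patched(unsigned int max_khz)
{
    struct policy *p = model_cpu_get(0);
    if (unlikely(!p))
        return -1;
    p->cur = max_khz;
    model_cpu_put(p);
    return 0;
}

int main(void)
{
    printf("unpatched, policy present: old=%u\n", exit_unpatched(1000000));
    policy_registered = 0;
    printf("patched, policy missing: rc=%d\n", exit_patched(1200000));
    return 0;
}
```

The early return also skips the put call, so the reference count in the model stays balanced when no policy was obtained.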
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
References
- git.kernel.org/stable/c/55cf586b9556863e3c2a45460aba71bcb2be5bcd (nvd)
- git.kernel.org/stable/c/592532a77b736b5153e0c2e4c74aa50af0a352ab (nvd)
- git.kernel.org/stable/c/64adabb6d9d51b7e7c02fe733346a2c4dd738488 (nvd)
- git.kernel.org/stable/c/809cf2a7794ca4c14c304b349f4c3ae220701ce4 (nvd)
- git.kernel.org/stable/c/8d6791c480f22d6e9a566eaa77336d3d37c5c591 (nvd)
- git.kernel.org/stable/c/956b56d17a89775e4957bbddefa45cd3c6c71000 (nvd)
- git.kernel.org/stable/c/b02352dd2e6cca98777714cc2a27553191df70db (nvd)
- git.kernel.org/stable/c/fd93e1d71b3b14443092919be12b1abf08de35eb (nvd)