CVE-2025-68739

In the Linux kernel, a potential use-after-free (UAF) vulnerability was identified in the hisi devfreq driver's OPP handling. The issue arises from incorrect ordering of resource acquisition and release, specifically when calling dev_pm_opp_put(opp) before ensuring all required data is properly acquired [1]. This violates the expected sequence and can lead to a use-after-free condition.

The vulnerability can be triggered when the devfreq subsystem processes OPP (Operating Performance Points) operations. An attacker with local access and sufficient privileges could potentially exploit this by manipulating device frequency scaling operations, leading to premature freeing of memory that is still in use [1].

If exploited, the UAF could result in system crashes, denial of service, or potentially arbitrary code execution in kernel context. The exact impact depends on system configuration and the attacker's ability to control the freed memory.

The fix has been applied in the Linux kernel stable tree as commit efb028b07f7b [1]. Users are advised to update to the latest kernel version to mitigate this vulnerability. No workaround is currently available other than applying the patch.