5.5 CVE-2025-38609
Patch
In the Linux kernel, the following vulnerability has been resolved:
PM / devfreq: Check governor before using governor->name
Commit 96ffcdf239de ("PM / devfreq: Remove redundant governor_name from
struct devfreq") removes governor_name and uses governor->name to replace
it. But devfreq->governor may be NULL and directly using
devfreq->governor->name may cause null pointer exception. Move the check of
governor to before using governor->name.
https://nvd.nist.gov/vuln/detail/CVE-2025-38609
Categories
CWE-476
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67 Patch
af854a3a-2127-422b-91ae-364da2661108 Patch
| https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html Third Party Advisory |
CPE
| cpe | start | end |
|---|---|---|
| Configuration 1 | ||
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | >= 5.11 | < 5.15.190 |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | >= 5.16 | < 6.1.148 |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | >= 6.2 | < 6.6.102 |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | >= 6.7 | < 6.12.42 |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | >= 6.13 | < 6.15.10 |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | >= 6.16 | < 6.16.1 |
| Configuration 2 | ||
| cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* | ||
REMEDIATION
Patch
EXPLOITS
Exploit-db.com
| id | description | date | |
|---|---|---|---|
| No known exploits | |||
POC Github
| Url |
|---|
Other Nist (github, ...)
| Url |
|---|
| No known exploits |
CAPEC
Common Attack Pattern Enumerations and Classifications
| id | description | severity |
|---|---|---|
| No entry | ||
Cybersecurity needs ?
Strengthen software security from the outset with our DevSecOps expertise
Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.
