1. Home
  2. Vulnerabilities
  3. CVE-2025-40194
0.0
NA
CVE-2025-40194
cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request()
Description

In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() The cpufreq_cpu_put() call in update_qos_request() takes place too early because the latter subsequently calls freq_qos_update_request() that indirectly accesses the policy object in question through the QoS request object passed to it. Fortunately, update_qos_request() is called under intel_pstate_driver_lock, so this issue does not matter for changing the intel_pstate operation mode, but it theoretically can cause a crash to occur on CPU device hot removal (which currently can only happen in virt, but it is formally supported nevertheless). Address this issue by modifying update_qos_request() to drop the reference to the policy later.

INFO

Published Date :

Nov. 12, 2025, 10:15 p.m.

Last Modified :

Nov. 12, 2025, 10:15 p.m.

Remotely Exploit :

No

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products

The following products are affected by CVE-2025-40194 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

No affected product recoded yet

: Total Affected Vendor : 0 | Products : 0
Solution
Modify update_qos_request to delay policy object reference drop.
  • Update the cpufreq driver code.
  • Modify update_qos_request function.
  • Delay the cpufreq_cpu_put call.
  • Drop policy reference later in update_qos_request.
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-40194.

URL Resource
https://git.kernel.org/stable/c/0a58d3e77b22b087a57831c87cafd360e144a5bd
https://git.kernel.org/stable/c/15ac9579ebdaf22a37d7f60b3a8efc1029732ef9
https://git.kernel.org/stable/c/57e4a6aadf12578b96a038373cffd54b3a58b092
https://git.kernel.org/stable/c/69a18ff6c60e8e113420f15355fad862cb45d38e
https://git.kernel.org/stable/c/69e5d50fcf4093fb3f9f41c4f931f12c2ca8c467
https://git.kernel.org/stable/c/ad4e8f9bdbef11a19b7cb93e7f313bf59bdcc3b4
https://git.kernel.org/stable/c/ba63d4e9857a72a89e71a4eff9f2cc8c283e94c3
https://git.kernel.org/stable/c/bc26564bcc659beb6d977cd6eb394041ec2f2851
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-40194 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-40194 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-40194 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2025-40194 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Nov. 12, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() The cpufreq_cpu_put() call in update_qos_request() takes place too early because the latter subsequently calls freq_qos_update_request() that indirectly accesses the policy object in question through the QoS request object passed to it. Fortunately, update_qos_request() is called under intel_pstate_driver_lock, so this issue does not matter for changing the intel_pstate operation mode, but it theoretically can cause a crash to occur on CPU device hot removal (which currently can only happen in virt, but it is formally supported nevertheless). Address this issue by modifying update_qos_request() to drop the reference to the policy later.
    Added Reference https://git.kernel.org/stable/c/0a58d3e77b22b087a57831c87cafd360e144a5bd
    Added Reference https://git.kernel.org/stable/c/15ac9579ebdaf22a37d7f60b3a8efc1029732ef9
    Added Reference https://git.kernel.org/stable/c/57e4a6aadf12578b96a038373cffd54b3a58b092
    Added Reference https://git.kernel.org/stable/c/69a18ff6c60e8e113420f15355fad862cb45d38e
    Added Reference https://git.kernel.org/stable/c/69e5d50fcf4093fb3f9f41c4f931f12c2ca8c467
    Added Reference https://git.kernel.org/stable/c/ad4e8f9bdbef11a19b7cb93e7f313bf59bdcc3b4
    Added Reference https://git.kernel.org/stable/c/ba63d4e9857a72a89e71a4eff9f2cc8c283e94c3
    Added Reference https://git.kernel.org/stable/c/bc26564bcc659beb6d977cd6eb394041ec2f2851
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
No CVSS metrics available for this vulnerability.