CVE-2025-40194 | cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request()

In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() The cpufreq_cpu_put() call in update_qos_request() takes place too early because the latter subsequently calls freq_qos_update_request() that indirectly accesses the policy object in question through the QoS request object passed to it. Fortunately, update_qos_request() is called under intel_pstate_driver_lock, so this issue does not matter for changing the intel_pstate operation mode, but it theoretically can cause a crash to occur on CPU device hot removal (which currently can only happen in virt, but it is formally supported nevertheless). Address this issue by modifying update_qos_request() to drop the reference to the policy later.

Published: 2025-11-12 Last update: 2026-04-15 Assigner: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

NVD Status：Deferred，CVE State: published

View at NVD, CVE.org, EUVD

Conclusion & alert: CVE-2025-40194 is rated Low Risk (18.2/100): low exploitation likelihood (EPSS 0.06%). Mandatory action: Low composite risk—no urgent action required; patch on your normal maintenance cycle and revisit priority if CVSS or EPSS increases.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2025-40194

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-04-22	0.04%	0.06%	+0.01%
2	2026-04-10	0.06%	0.04%	-0.02%
3	2025-12-18	—	0.06%	—

Full EPSS history (4 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2025-40194

CVSS metrics for this CVE.

No CVSS data in dataset for this CVE.

Weakness enumeration for CVE-2025-40194

OS Trackers for CVE-2025-40194

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2025-40194 not yet assigned priority: Debian including 2 source packages (linux, linux-6.1), 6 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 6.	https://security-tracker.debian.org/tracker/CVE-2025-40194
`redhat`	medium	—	https://access.redhat.com/security/cve/CVE-2025-40194
`suse`	medium	—	https://www.suse.com/security/cve/CVE-2025-40194/
`ubuntu`	medium	CVE-2025-40194 medium priority: Ubuntu including 157 source packages (linux, linux-allwinner-5.19, …), 1405 status rows across 9 suites (bionic, focal, jammy, noble, plucky, questing, trusty, upstream, xenial): DNE 1010, ignored 177, released 158, needed 30, not-affected 27, pending 3.	https://ubuntu.com/security/CVE-2025-40194

Affected software / configurations for CVE-2025-40194

Vendor	Product	Version	Raw CPE
No affected products in dataset.

References for CVE-2025-40194

URL	Tags
https://git.kernel.org/stable/c/0a58d3e77b22b087a57831c87cafd360e144a5bd
https://git.kernel.org/stable/c/15ac9579ebdaf22a37d7f60b3a8efc1029732ef9
https://git.kernel.org/stable/c/57e4a6aadf12578b96a038373cffd54b3a58b092
https://git.kernel.org/stable/c/69a18ff6c60e8e113420f15355fad862cb45d38e
https://git.kernel.org/stable/c/69e5d50fcf4093fb3f9f41c4f931f12c2ca8c467
https://git.kernel.org/stable/c/ad4e8f9bdbef11a19b7cb93e7f313bf59bdcc3b4
https://git.kernel.org/stable/c/ba63d4e9857a72a89e71a4eff9f2cc8c283e94c3
https://git.kernel.org/stable/c/bc26564bcc659beb6d977cd6eb394041ec2f2851

cvelogic Threat Intelligence