Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
Vulnerability DatabaseCVE-2025-23137
CVE-2025-23137:
Linux Kernel vulnerability analysis and mitigation
Overview
A vulnerability in the Linux kernel has been identified and assigned CVE-2025-23137. The issue involves a missing NULL pointer check in the amdpstateupdate function within the cpufreq/amd-pstate component. The vulnerability was disclosed on April 16, 2025 (NVD).
Technical details
The vulnerability stems from a failure to verify if the 'policy' pointer is NULL before dereferencing it in the amdpstateupdate function. According to Red Hat's assessment, this vulnerability has been assigned a CVSS v3.1 base score of 5.5, with attack vector being Local (Red Hat).
Impact
The vulnerability could potentially lead to a system crash or denial of service condition when the NULL pointer is dereferenced. The impact is limited to systems using AMD's P-state driver for CPU frequency scaling (Red Hat).
Mitigation and workarounds
The vulnerability has been fixed in various Linux distributions. Debian has marked it as fixed in bullseye (5.10.234-1) and bookworm (6.1.133-1) releases, while it remains vulnerable in trixie and sid versions. Red Hat Enterprise Linux 9 has deferred the fix for both kernel and kernel-rt packages (Debian, Red Hat).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
Ready to see Wiz in action?
“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management