CVE-2025-37831: 
Linux Debian vulnerability analysis and mitigation

In the Linux kernel, a vulnerability (CVE-2025-37831) was discovered that affects the cpufreq subsystem, specifically in the apple-soc driver. The issue was identified as a null pointer dereference in the applesoccpufreqgetrate() function. This vulnerability was rated as medium severity and affects the Linux kernel's CPU frequency scaling functionality for Apple Silicon processors (Tenable, NVD).

The vulnerability occurs when cpufreqcpugetraw() returns NULL in cases where the target CPU is not present in the policy->cpus mask. The applesoccpufreqget_rate() function does not properly check for this NULL return value before dereferencing the pointer, leading to a potential kernel crash (Tenable).

If exploited, this vulnerability could lead to a denial of service condition through a kernel crash when attempting to read CPU frequency information for non-existent CPU cores on Apple Silicon-based systems (Tenable).

The vulnerability has been resolved in the Linux kernel through a patch that adds proper NULL pointer checking in the applesoccpufreqgetrate() function before attempting to dereference the pointer (Tenable).