Auto-cpufreq 3.0.0, a utility designed for automatic optimization of CPU speed and system power consumption, has been released. The utility monitors laptop battery status, CPU load, CPU temperature, and system activity, and dynamically activates power-saving or high-performance modes based on the situation and selected options. It supports devices with Intel, AMD, and ARM processors. It can be controlled using a GTK-based graphical interface or a command-line utility. The code is written in Python and distributed under the LGPLv3 license.
Supported features include monitoring CPU frequency, load, and temperature; adjusting CPU frequency and power consumption modes based on battery charge, temperature, and system load; and automatically optimizing CPU performance and power consumption. Auto-cpufreq can be used to automatically extend laptop battery life without permanently limiting any features. Unlike the TLP utility, auto-cpufreq not only allows you to set power saving modes while the device is running on battery power, but also temporarily enable the mode. high performance (turbo boost) when an increase in system load is detected.
The new version implements the ability to forcefully enable or disable CPU turbo boost via the GUI and command line ("auto-cpufreq --turbo={never|always|auto}"), regardless of the battery charge level. A battery_device parameter for selecting the battery has also been added to the configuration file, in case the default battery is not automatically detected correctly (available batteries can be found in the /sys/class/power_supply/ directory). A sample configuration file for Nixos has been added.
Also noteworthy is the release of TLP 1.9.1, a utility designed to automatically optimize power consumption and extend battery life for laptops. In addition to managing CPU power-saving modes, the utility supports adaptive enabling and disabling of Bluetooth, NFC, and Wi-Fi. The project's code is written in Shell and Python and is distributed under the GPLv2 license.
The 1.9 branch is notable for the addition of an optional background process, tlp-pd, which enables switching between three power profiles—performance, balanced, and power-saver. This background process can be used as a replacement for the power-profiles-daemon service and supports the D-Bus API used for profile switching in GNOME, KDE, and Cinnamon. The tlpctl utility is also included for switching profiles from the command line and launching individual applications with a specified profile.
The subsequent TLP 1.9.1 patch release fixes a vulnerability (CVE-2025-67859) in the new tlp-pd background process. This vulnerability allows for bypassing Polkit authentication and performing actions in tlp-pd that require administrator privileges. The tlp-pd process runs with root privileges and accepts requests via D-Bus. Some requests can be sent by any user with verified local access to the system (running a graphical session), while others are available only to the administrator. The vulnerability is caused by a race condition that allows the process to be spoofed after the request is sent, so that Polkit will assume the request is from the administrator and will not prompt for the administrator password.
Source: opennet.ru
