CVE-2026-31744

Published: May 1, 2026Modified: May 7, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: PM: EM: Fix NULL pointer dereference when perf domain ID is not found dev_energymodel_nl_get_perf_domains_doit() calls em_perf_domain_get_by_id() but does not check the return value before passing it to __em_nl_get_pd_size(). When a caller supplies a non-existent perf domain ID, em_perf_domain_get_by_id() returns NULL, and __em_nl_get_pd_size() immediately dereferences pd->cpus (struct offset 0x30), causing a NULL pointer dereference. The sister handler dev_energymodel_nl_get_perf_table_doit() already handles this correctly via __em_nl_get_pd_table_id(), which returns NULL and causes the caller to return -EINVAL. Add the same NULL check in the get-perf-domains do handler. [ rjw: Subject and changelog edits ]

Affected (11)

Products: Linux: Linux Kernel

Linux

1 product

Linux Kernel

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 6.19.1 to 6.19.12
Linux Linux Kernel	Version 6.19 rc6
Linux Linux Kernel	Version 6.19 rc7
Linux Linux Kernel	Version 6.19 rc8
Linux Linux Kernel	Version 7.0 rc1
Linux Linux Kernel	Version 7.0 rc2
Linux Linux Kernel	Version 7.0 rc3
Linux Linux Kernel	Version 7.0 rc4
Linux Linux Kernel	Version 7.0 rc5
Linux Linux Kernel	Version 7.0 rc6
Linux Linux Kernel	Version 7.0 rc7

Related CWEs

CWE-476

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (2)

https://git.kernel.org/stable/c/9badc2a84e688be1275bb740942d5f6f51746908

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/ab09b9a1e3b02ff62c5aebe3b12b0cb4cb4ea8ab

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

Timeline

No history available yet.