CVE-2026-31744

Description

In the Linux kernel, the following vulnerability has been resolved: PM: EM: Fix NULL pointer dereference when perf domain ID is not found dev_energymodel_nl_get_perf_domains_doit() calls em_perf_domain_get_by_id() but does not check the return value before passing it to __em_nl_get_pd_size(). When a caller supplies a non-existent perf domain ID, em_perf_domain_get_by_id() returns NULL, and __em_nl_get_pd_size() immediately dereferences pd->cpus (struct offset 0x30), causing a NULL pointer dereference. The sister handler dev_energymodel_nl_get_perf_table_doit() already handles this correctly via __em_nl_get_pd_table_id(), which returns NULL and causes the caller to return -EINVAL. Add the same NULL check in the get-perf-domains do handler. [ rjw: Subject and changelog edits ]

PUBLISHED Reserved 2026-03-09 | Published 2026-05-01 | Updated 2026-05-01 | Assigner Linux

Product status

References

git.kernel.org/...c/ab09b9a1e3b02ff62c5aebe3b12b0cb4cb4ea8ab

git.kernel.org/...c/9badc2a84e688be1275bb740942d5f6f51746908

cve.org (CVE-2026-31744)

nvd.nist.gov (CVE-2026-31744)

Download JSON