CVE-2026-23332
Received Received - Intake
Null Pointer Dereference in Linux intel_pstate Causes Kernel Crash

Publication date: 2026-03-25

Last updated on: 2026-04-23

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: Fix crash during turbo disable When the system is booted with kernel command line argument "nosmt" or "maxcpus" to limit the number of CPUs, disabling turbo via: echo 1 > /sys/devices/system/cpu/intel_pstate/no_turbo results in a crash: PF: supervisor read access in kernel mode PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: Oops: 0000 [#1] SMP PTI ... RIP: 0010:store_no_turbo+0x100/0x1f0 ... This occurs because for_each_possible_cpu() returns CPUs even if they are not online. For those CPUs, all_cpu_data[] will be NULL. Since commit 973207ae3d7c ("cpufreq: intel_pstate: Rearrange max frequency updates handling code"), all_cpu_data[] is dereferenced even for CPUs which are not online, causing the NULL pointer dereference. To fix that, pass CPU number to intel_pstate_update_max_freq() and use all_cpu_data[] for those CPUs for which there is a valid cpufreq policy.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-25
Last Modified
2026-04-23
Generated
2026-06-16
AI Q&A
2026-03-25
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23332
EUVD
EUVD-2026-15292
Affected Vendors & Products
Showing 10 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.16
linux linux_kernel From 6.19 (inc) to 6.19.7 (exc)
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.16.1 (inc) to 6.18.17 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not include any details about how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability occurs in the Linux kernel's intel_pstate CPU frequency scaling driver. When the system is booted with certain kernel parameters that limit the number of CPUs (such as "nosmt" or "maxcpus"), disabling the turbo feature by writing to /sys/devices/system/cpu/intel_pstate/no_turbo causes a kernel crash.

The crash happens because the code iterates over all possible CPUs, including those that are not online, and attempts to access data structures (all_cpu_data[]) that are NULL for offline CPUs. This leads to a NULL pointer dereference and a kernel oops (crash).

The fix involves modifying the code to only access all_cpu_data[] for CPUs that have a valid cpufreq policy, preventing the NULL pointer dereference.

Impact Analysis

This vulnerability can cause the Linux kernel to crash when disabling the turbo feature on systems booted with CPU-limiting parameters. A kernel crash can lead to system instability, unexpected reboots, and potential data loss.

Such crashes can disrupt normal operations, reduce system availability, and may require manual intervention to restore service.

Detection Guidance

This vulnerability can be detected by observing system crashes or kernel oops messages when disabling turbo mode on Intel CPUs using the intel_pstate driver, especially if the system is booted with the "nosmt" or "maxcpus" kernel command line arguments.

Specifically, running the command to disable turbo mode:

  • echo 1 > /sys/devices/system/cpu/intel_pstate/no_turbo

may cause a crash with messages similar to:

  • PF: supervisor read access in kernel mode
  • Oops: Oops: 0000 [#1] SMP PTI
  • RIP: 0010:store_no_turbo+0x100/0x1f0

Monitoring kernel logs (e.g., using dmesg or journalctl) after executing the above command can help detect the presence of this vulnerability.

Mitigation Strategies

To mitigate this vulnerability, avoid disabling turbo mode via the sysfs interface when the system is booted with "nosmt" or "maxcpus" kernel parameters that limit the number of CPUs.

Alternatively, update the Linux kernel to a version where this issue is fixed, which involves a patch that ensures only online CPUs with valid cpufreq policies are accessed when disabling turbo mode.

Until the fix is applied, refrain from using the command:

  • echo 1 > /sys/devices/system/cpu/intel_pstate/no_turbo

if the system is booted with CPU limiting parameters.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23332. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart