CVE-2026-31744
NULL Pointer Dereference in Linux Kernel Energy Model
Publication date: 2026-05-01
Last updated on: 2026-05-01
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's power management energy model (PM EM) subsystem. Specifically, a function called dev_energymodel_nl_get_perf_domains_doit() calls another function em_perf_domain_get_by_id() without checking if the returned value is NULL. If a caller provides a non-existent performance domain ID, em_perf_domain_get_by_id() returns NULL, and the subsequent function __em_nl_get_pd_size() dereferences this NULL pointer, leading to a NULL pointer dereference error.
This issue occurs because the code does not validate the existence of the performance domain ID before using it, which can cause the kernel to crash or behave unexpectedly.
How can this vulnerability impact me? :
The impact of this vulnerability is that it can cause a NULL pointer dereference in the Linux kernel, which typically results in a kernel crash or system instability. This can lead to denial of service (DoS) conditions where the affected system becomes unresponsive or requires a reboot.