CVE-2026-31744
Analyzed Analyzed - Analysis Complete
NULL Pointer Dereference in Linux Kernel Energy Model

Publication date: 2026-05-01

Last updated on: 2026-05-07

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: PM: EM: Fix NULL pointer dereference when perf domain ID is not found dev_energymodel_nl_get_perf_domains_doit() calls em_perf_domain_get_by_id() but does not check the return value before passing it to __em_nl_get_pd_size(). When a caller supplies a non-existent perf domain ID, em_perf_domain_get_by_id() returns NULL, and __em_nl_get_pd_size() immediately dereferences pd->cpus (struct offset 0x30), causing a NULL pointer dereference. The sister handler dev_energymodel_nl_get_perf_table_doit() already handles this correctly via __em_nl_get_pd_table_id(), which returns NULL and causes the caller to return -EINVAL. Add the same NULL check in the get-perf-domains do handler. [ rjw: Subject and changelog edits ]
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-01
Last Modified
2026-05-07
Generated
2026-06-16
AI Q&A
2026-05-01
EPSS Evaluated
2026-06-15
NVD
CVE-2026-31744
EUVD
EUVD-2026-26557
Affected Vendors & Products
Showing 11 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.19.1 (inc) to 6.19.12 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's power management energy model (PM EM) subsystem. Specifically, a function called dev_energymodel_nl_get_perf_domains_doit() calls another function em_perf_domain_get_by_id() without checking if the returned value is NULL. If a caller provides a non-existent performance domain ID, em_perf_domain_get_by_id() returns NULL, and the subsequent function __em_nl_get_pd_size() dereferences this NULL pointer, leading to a NULL pointer dereference error.

This issue occurs because the code does not validate the existence of the performance domain ID before using it, which can cause the kernel to crash or behave unexpectedly.

Impact Analysis

The impact of this vulnerability is that it can cause a NULL pointer dereference in the Linux kernel, which typically results in a kernel crash or system instability. This can lead to denial of service (DoS) conditions where the affected system becomes unresponsive or requires a reboot.

Compliance Impact

The provided information does not specify any impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31744. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart