CVE-2026-43401
Received Received - Intake
NULL Pointer Dereference in Linux Kernel cpufreq Intel Pstate

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: Fix NULL pointer dereference in update_cpu_qos_request() The update_cpu_qos_request() function attempts to initialize the 'freq' variable by dereferencing 'cpudata' before verifying if the 'policy' is valid. This issue occurs on systems booted with the "nosmt" parameter, where all_cpu_data[cpu] is NULL for the SMT sibling threads. As a result, any call to update_qos_requests() will result in a NULL pointer dereference as the code will attempt to access pstate.turbo_freq using the NULL cpudata pointer. Also, pstate.turbo_freq may be updated by intel_pstate_get_hwp_cap() after initializing the 'freq' variable, so it is better to defer the 'freq' until intel_pstate_get_hwp_cap() has been called. Fix this by deferring the 'freq' assignment until after the policy and driver_data have been validated. [ rjw: Added one paragraph to the changelog ]
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-08
Generated
2026-05-09
AI Q&A
2026-05-08
EPSS Evaluated
N/A
NVD
CVE-2026-43401
EUVD
EUVD-2026-28707
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux_kernel linux_kernel *
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's intel_pstate driver, specifically in the update_cpu_qos_request() function. The function attempts to initialize a variable by dereferencing a pointer without first verifying if the pointer is valid. On systems booted with the "nosmt" parameter, some CPU data pointers are NULL for SMT sibling threads. As a result, when update_qos_requests() is called, it tries to access data through a NULL pointer, causing a NULL pointer dereference error.

The issue arises because the code accesses the 'freq' variable too early before confirming the validity of the policy and driver data. The fix involves deferring the assignment of 'freq' until after these validations, preventing the NULL pointer dereference.


How can this vulnerability impact me? :

This vulnerability can cause a NULL pointer dereference in the Linux kernel, which typically leads to a kernel crash or system instability. On affected systems, this could result in unexpected reboots or denial of service conditions, impacting system availability.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability is fixed by deferring the 'freq' assignment until after the policy and driver_data have been validated in the intel_pstate driver within the Linux kernel.

To mitigate this vulnerability immediately, you should update your Linux kernel to a version that includes this fix.

Additionally, avoid booting systems with the 'nosmt' parameter until the fix is applied, as the issue occurs on systems booted with this parameter.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart