CVE-2026-45968
Analyzed Analyzed - Analysis Complete
cpuidle Ladder Governor OOB Access in Linux Kernel

Publication date: 2026-05-27

Last updated on: 2026-06-16

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: cpuidle: Skip governor when only one idle state is available On certain platforms (PowerNV systems without a power-mgt DT node), cpuidle may register only a single idle state. In cases where that single state is a polling state (state 0), the ladder governor may incorrectly treat state 1 as the first usable state and pass an out-of-bounds index. This can lead to a NULL enter callback being invoked, ultimately resulting in a system crash. [ 13.342636] cpuidle-powernv : Only Snooze is available [ 13.351854] Faulting instruction address: 0x00000000 [ 13.376489] NIP [0000000000000000] 0x0 [ 13.378351] LR [c000000001e01974] cpuidle_enter_state+0x2c4/0x668 Fix this by adding a bail-out in cpuidle_select() that returns state 0 directly when state_count <= 1, bypassing the governor and keeping the tick running.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-06-16
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-45968
EUVD
EUVD-2026-32252
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.13 (inc) to 6.18.14 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.4 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.128 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.75 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.202 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.165 (exc)
linux linux_kernel From 4.14 (inc) to 5.10.252 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's cpuidle subsystem on certain PowerNV platforms without a power management device tree node. When only one idle state is available and that state is a polling state (state 0), the ladder governor incorrectly assumes state 1 is the first usable idle state and passes an out-of-bounds index. This causes a NULL enter callback to be invoked, which can lead to a system crash.

The issue is fixed by modifying cpuidle_select() to return state 0 directly when there is only one idle state, bypassing the governor and preventing the crash.

Impact Analysis

This vulnerability can cause a system crash on affected Linux kernel versions running on certain PowerNV platforms. The crash occurs due to an invalid idle state index being used, which leads to a NULL callback invocation. Such crashes can result in system downtime, loss of data, and disruption of services.

Detection Guidance

This vulnerability can be detected by checking the system logs for specific kernel messages indicating the issue with cpuidle on PowerNV systems.

  • Look for log entries similar to: '[ 13.342636] cpuidle-powernv : Only Snooze is available'
  • Check for faulting instruction addresses and null pointer dereferences in kernel logs, such as: '[ 13.351854] Faulting instruction address: 0x00000000' and '[ 13.378351] LR [c000000001e01974] cpuidle_enter_state+0x2c4/0x668'

You can use the following command to view kernel logs and search for these messages:

  • dmesg | grep -i cpuidle
  • journalctl -k | grep -i cpuidle
Mitigation Strategies

The vulnerability is fixed by a kernel patch that adds a bail-out in cpuidle_select() to return state 0 directly when only one idle state is available, bypassing the governor.

Immediate mitigation steps include:

  • Update the Linux kernel to a version that includes the fix for this vulnerability.
  • Avoid running affected PowerNV systems without a power management device tree node until the patch is applied.
  • Monitor system stability and kernel logs for signs of the issue until the update is deployed.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45968. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart