CVE-2026-23332

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> cpufreq: intel_pstate: Fix crash during turbo disable<br /> <br /> When the system is booted with kernel command line argument "nosmt" or<br /> "maxcpus" to limit the number of CPUs, disabling turbo via:<br /> <br /> echo 1 &gt; /sys/devices/system/cpu/intel_pstate/no_turbo<br /> <br /> results in a crash:<br /> <br /> PF: supervisor read access in kernel mode<br /> PF: error_code(0x0000) - not-present page<br /> PGD 0 P4D 0<br /> Oops: Oops: 0000 [#1] SMP PTI<br /> ...<br /> RIP: 0010:store_no_turbo+0x100/0x1f0<br /> ...<br /> <br /> This occurs because for_each_possible_cpu() returns CPUs even if they<br /> are not online. For those CPUs, all_cpu_data[] will be NULL. Since<br /> commit 973207ae3d7c ("cpufreq: intel_pstate: Rearrange max frequency<br /> updates handling code"), all_cpu_data[] is dereferenced even for CPUs<br /> which are not online, causing the NULL pointer dereference.<br /> <br /> To fix that, pass CPU number to intel_pstate_update_max_freq() and use<br /> all_cpu_data[] for those CPUs for which there is a valid cpufreq policy.