CVE-2026-31744
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
01/05/2026
Last modified:
07/05/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
PM: EM: Fix NULL pointer dereference when perf domain ID is not found<br />
<br />
dev_energymodel_nl_get_perf_domains_doit() calls<br />
em_perf_domain_get_by_id() but does not check the return value before<br />
passing it to __em_nl_get_pd_size(). When a caller supplies a<br />
non-existent perf domain ID, em_perf_domain_get_by_id() returns NULL,<br />
and __em_nl_get_pd_size() immediately dereferences pd->cpus<br />
(struct offset 0x30), causing a NULL pointer dereference.<br />
<br />
The sister handler dev_energymodel_nl_get_perf_table_doit() already<br />
handles this correctly via __em_nl_get_pd_table_id(), which returns<br />
NULL and causes the caller to return -EINVAL. Add the same NULL check<br />
in the get-perf-domains do handler.<br />
<br />
[ rjw: Subject and changelog edits ]
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.19.1 (including) | 6.19.12 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page