CVE-2026-43401

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> cpufreq: intel_pstate: Fix NULL pointer dereference in update_cpu_qos_request()<br /> <br /> The update_cpu_qos_request() function attempts to initialize the &amp;#39;freq&amp;#39;<br /> variable by dereferencing &amp;#39;cpudata&amp;#39; before verifying if the &amp;#39;policy&amp;#39;<br /> is valid.<br /> <br /> This issue occurs on systems booted with the "nosmt" parameter, where<br /> all_cpu_data[cpu] is NULL for the SMT sibling threads. As a result,<br /> any call to update_qos_requests() will result in a NULL pointer<br /> dereference as the code will attempt to access pstate.turbo_freq using<br /> the NULL cpudata pointer.<br /> <br /> Also, pstate.turbo_freq may be updated by intel_pstate_get_hwp_cap()<br /> after initializing the &amp;#39;freq&amp;#39; variable, so it is better to defer the<br /> &amp;#39;freq&amp;#39; until intel_pstate_get_hwp_cap() has been called.<br /> <br /> Fix this by deferring the &amp;#39;freq&amp;#39; assignment until after the policy and<br /> driver_data have been validated.<br /> <br /> [ rjw: Added one paragraph to the changelog ]