CVE-2026-31744

MEDIUM

PM: EM: Fix NULL pointer dereference when perf domain ID is not found

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: PM: EM: Fix NULL pointer dereference when perf domain ID is not found dev_energymodel_nl_get_perf_domains_doit() calls em_perf_domain_get_by_id() but does not check the return value before passing it to __em_nl_get_pd_size(). When a caller supplies a non-existent perf domain ID, em_perf_domain_get_by_id() returns NULL, and __em_nl_get_pd_size() immediately dereferences pd->cpus (struct offset 0x30), causing a NULL pointer dereference. The sister handler dev_energymodel_nl_get_perf_table_doit() already handles this correctly via __em_nl_get_pd_table_id(), which returns NULL and causes the caller to return -EINVAL. Add the same NULL check in the get-perf-domains do handler. [ rjw: Subject and changelog edits ]

References (2)

Core 2

Core References

https://git.kernel.org/stable/c/ab09b9a1e3b02ff62c5aebe3b12b0cb4cb4ea8ab

https://git.kernel.org/stable/c/9badc2a84e688be1275bb740942d5f6f51746908

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 3.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (9)

Linux/Linux < 6.19

Linux/Linux 380ff27af25e49e2cb2ff8fd0ecd7c95be2976ee - 9badc2a84e688be1275bb740942d5f6f51746908

Linux/Linux 380ff27af25e49e2cb2ff8fd0ecd7c95be2976ee - ab09b9a1e3b02ff62c5aebe3b12b0cb4cb4ea8ab

Linux/Linux 6.19

Linux/Linux 6.19.12 - 6.19.*

Linux/Linux 7.0

linux/linux_kernel 6.19 rc6 (3 CPE variants)

linux/linux_kernel 7.0 rc1 (7 CPE variants)

linux/linux_kernel 6.19.1 - 6.19.12

Published May 01, 2026

Tracked Since May 01, 2026