CVE-2026-23332

In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: Fix crash during turbo disable When the system is booted with kernel command line argument "nosmt" or "maxcpus" to limit the number of CPUs, disabling turbo via: echo 1 > /sys/devices/system/cpu/intel_pstate/no_turbo results in a crash: PF: supervisor read access in kernel mode PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: Oops: 0000 [#1] SMP PTI ... RIP: 0010:store_no_turbo+0x100/0x1f0 ... This occurs because for_each_possible_cpu() returns CPUs even if they are not online. For those CPUs, all_cpu_data[] will be NULL. Since commit 973207ae3d7c ("cpufreq: intel_pstate: Rearrange max frequency updates handling code"), all_cpu_data[] is dereferenced even for CPUs which are not online, causing the NULL pointer dereference. To fix that, pass CPU number to intel_pstate_update_max_freq() and use all_cpu_data[] for those CPUs for which there is a valid cpufreq policy.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/6b050482ec40569429d963ac52afa878691b04c9	Patch
https://git.kernel.org/stable/c/a1850e2aef4d15405e7ff53fd51c4b3124d46182	Patch
https://git.kernel.org/stable/c/d20d48916ce8531b157c2edeba76d69af2974270	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.16:-::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc1::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc2::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc3::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc4::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc5::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc6::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc7::::::

History

23 Apr 2026, 21:13

Type	Values Removed	Values Added
CPE		cpe:2.3:o:linux:linux_kernel:7.0:rc1:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc6:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc7:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:7.0:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.16:-:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc4:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc3:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc5::::::
First Time		Linux Linux linux Kernel
CWE		CWE-476
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
References	~~() https://git.kernel.org/stable/c/6b050482ec40569429d963ac52afa878691b04c9 -~~	() https://git.kernel.org/stable/c/6b050482ec40569429d963ac52afa878691b04c9 - Patch
References	~~() https://git.kernel.org/stable/c/a1850e2aef4d15405e7ff53fd51c4b3124d46182 -~~	() https://git.kernel.org/stable/c/a1850e2aef4d15405e7ff53fd51c4b3124d46182 - Patch
References	~~() https://git.kernel.org/stable/c/d20d48916ce8531b157c2edeba76d69af2974270 -~~	() https://git.kernel.org/stable/c/d20d48916ce8531b157c2edeba76d69af2974270 - Patch
Summary		(es) En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: cpufreq: intel_pstate: Soluciona un fallo durante la desactivación del turbo Cuando el sistema se inicia con el argumento de línea de comandos del kernel "nosmt" o "maxcpus" para limitar el número de CPUs, la desactivación del turbo a través de: echo 1 > /sys/devices/system/cpu/intel_pstate/no_turbo resulta en un fallo: PF: acceso de lectura de supervisor en modo kernel PF: error_code(0x0000) - página no presente PGD 0 P4D 0 Oops: Oops: 0000 [#1] SMP PTI ... RIP: 0010:store_no_turbo+0x100/0x1f0 ... Esto ocurre porque for_each_possible_cpu() devuelve CPUs incluso si no están en línea. Para esas CPUs, all_cpu_data[] será NULL. Desde el commit 973207ae3d7c ('cpufreq: intel_pstate: Reorganizar el código de manejo de actualizaciones de frecuencia máxima'), all_cpu_data[] es desreferenciado incluso para CPUs que no están en línea, causando la desreferencia del puntero NULL. Para solucionar eso, pasar el número de CPU a intel_pstate_update_max_freq() y usar all_cpu_data[] para aquellas CPUs para las cuales existe una política cpufreq válida.

25 Mar 2026, 11:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-25 11:16

Updated : 2026-04-23 21:13

NVD link : CVE-2026-23332

Mitre link : CVE-2026-23332

CVE.ORG link : CVE-2026-23332

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

5.5 /10