CVE-2026-31744

{"id": "CVE-2026-31744", "cveTags": [], "metrics": {}, "published": "2026-05-01T15:16:37.157", "references": [{"url": "https://git.kernel.org/stable/c/9badc2a84e688be1275bb740942d5f6f51746908", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/ab09b9a1e3b02ff62c5aebe3b12b0cb4cb4ea8ab", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPM: EM: Fix NULL pointer dereference when perf domain ID is not found\n\ndev_energymodel_nl_get_perf_domains_doit() calls\nem_perf_domain_get_by_id() but does not check the return value before\npassing it to __em_nl_get_pd_size(). When a caller supplies a\nnon-existent perf domain ID, em_perf_domain_get_by_id() returns NULL,\nand __em_nl_get_pd_size() immediately dereferences pd->cpus\n(struct offset 0x30), causing a NULL pointer dereference.\n\nThe sister handler dev_energymodel_nl_get_perf_table_doit() already\nhandles this correctly via __em_nl_get_pd_table_id(), which returns\nNULL and causes the caller to return -EINVAL. Add the same NULL check\nin the get-perf-domains do handler.\n\n[ rjw: Subject and changelog edits ]"}], "lastModified": "2026-05-01T15:24:14.893", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}