Description

In the Linux kernel, the following vulnerability has been resolved: PM: EM: Fix NULL pointer dereference when perf domain ID is not found dev_energymodel_nl_get_perf_domains_doit() calls em_perf_domain_get_by_id() but does not check the return value before passing it to __em_nl_get_pd_size(). When a caller supplies a non-existent perf domain ID, em_perf_domain_get_by_id() returns NULL, and __em_nl_get_pd_size() immediately dereferences pd->cpus (struct offset 0x30), causing a NULL pointer dereference. The sister handler dev_energymodel_nl_get_perf_table_doit() already handles this correctly via __em_nl_get_pd_table_id(), which returns NULL and causes the caller to return -EINVAL. Add the same NULL check in the get-perf-domains do handler. [ rjw: Subject and changelog edits ]

INFO

Published Date :

2026-05-01T14:14:38.820Z

Last Modified :

2026-05-01T14:14:38.820Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2026-31744 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-31744.

URL Resource
https://git.kernel.org/stable/c/9badc2a84e688be1275bb740942d5f6f51746908 cve-icon cve-icon
https://git.kernel.org/stable/c/ab09b9a1e3b02ff62c5aebe3b12b0cb4cb4ea8ab cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System