CVE-2026-31744 in Linuxinformación

Resumen

por MITRE • 2026-05-01

In the Linux kernel, the following vulnerability has been resolved:

PM: EM: Fix NULL pointer dereference when perf domain ID is not found

dev_energymodel_nl_get_perf_domains_doit() calls em_perf_domain_get_by_id() but does not check the return value before passing it to __em_nl_get_pd_size(). When a caller supplies a non-existent perf domain ID, em_perf_domain_get_by_id() returns NULL, and __em_nl_get_pd_size() immediately dereferences pd->cpus (struct offset 0x30), causing a NULL pointer dereference.

The sister handler dev_energymodel_nl_get_perf_table_doit() already handles this correctly via __em_nl_get_pd_table_id(), which returns NULL and causes the caller to return -EINVAL. Add the same NULL check in the get-perf-domains do handler.

[ rjw: Subject and changelog edits ]

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

Linux

Reservar

2026-03-09

Divulgación

2026-05-01

Moderación

aceptado

Artículo

VDB-360665

CPE

listo

CWE

CWE-476 (confirmado)

CVSS

5.7 (VulDB)

EPSS

0.00017

KEV

Actividades

muy bajo

Sector

Industry, Transportation, ...

Fuentes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-31744
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-31744
CVE Details	https://www.cvedetails.com/cve/CVE-2026-31744/

◂ Anterior Visión De Conjunto Próximo ▸

Might our Artificial Intelligence support you?

Check our Alexa App!