CVE-2026-31544 PUBLISHED

firmware: arm_scmi: Fix NULL dereference on notify error path

Assigner: Linux
Reserved: 09.03.2026 Published: 24.04.2026 Updated: 24.04.2026

In the Linux kernel, the following vulnerability has been resolved:

firmware: arm_scmi: Fix NULL dereference on notify error path

Since commit b5daf93b809d1 ("firmware: arm_scmi: Avoid notifier registration for unsupported events") the call chains leading to the helper __scmi_event_handler_get_ops expect an ERR_PTR to be returned on failure to get an handler for the requested event key, while the current helper can still return a NULL when no handler could be found or created.

Fix by forcing an ERR_PTR return value when the handler reference is NULL.

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from b5daf93b809d13a194f8a8eeacfab1cfa241bbc3 to 70d9bd9a2e683afe6200b0c20af22f06f1a199a4 (excl.)
  • affected from b5daf93b809d13a194f8a8eeacfab1cfa241bbc3 to 8414d2800c34528467df23ce6192c254a73e4459 (excl.)
  • affected from b5daf93b809d13a194f8a8eeacfab1cfa241bbc3 to 555317d6100164748f7d09f80142739bd29f0cda (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • Version 6.17 is affected
  • unaffected from 0 to 6.17 (excl.)
  • unaffected from 6.18.20 to 6.18.* (incl.)
  • unaffected from 6.19.10 to 6.19.* (incl.)
  • unaffected from 7.0 to * (incl.)

References