CVE-2026-31744 PUBLISHED

PM: EM: Fix NULL pointer dereference when perf domain ID is not found

Assigner: Linux
Reserved: 09.03.2026 Published: 01.05.2026 Updated: 01.05.2026

In the Linux kernel, the following vulnerability has been resolved:

PM: EM: Fix NULL pointer dereference when perf domain ID is not found

dev_energymodel_nl_get_perf_domains_doit() calls em_perf_domain_get_by_id() but does not check the return value before passing it to __em_nl_get_pd_size(). When a caller supplies a non-existent perf domain ID, em_perf_domain_get_by_id() returns NULL, and __em_nl_get_pd_size() immediately dereferences pd->cpus (struct offset 0x30), causing a NULL pointer dereference.

The sister handler dev_energymodel_nl_get_perf_table_doit() already handles this correctly via __em_nl_get_pd_table_id(), which returns NULL and causes the caller to return -EINVAL. Add the same NULL check in the get-perf-domains do handler.

[ rjw: Subject and changelog edits ]

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from 380ff27af25e49e2cb2ff8fd0ecd7c95be2976ee to ab09b9a1e3b02ff62c5aebe3b12b0cb4cb4ea8ab (excl.)
  • affected from 380ff27af25e49e2cb2ff8fd0ecd7c95be2976ee to 9badc2a84e688be1275bb740942d5f6f51746908 (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • Version 6.19 is affected
  • unaffected from 0 to 6.19 (excl.)
  • unaffected from 6.19.12 to 6.19.* (incl.)
  • unaffected from 7.0 to * (incl.)

References