{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-43401","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-05-01T14:12:56.007Z","datePublished":"2026-05-08T14:21:42.876Z","dateUpdated":"2026-05-11T22:23:52.197Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T22:23:52.197Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: intel_pstate: Fix NULL pointer dereference in update_cpu_qos_request()\n\nThe update_cpu_qos_request() function attempts to initialize the 'freq'\nvariable by dereferencing 'cpudata' before verifying if the 'policy'\nis valid.\n\nThis issue occurs on systems booted with the \"nosmt\" parameter, where\nall_cpu_data[cpu] is NULL for the SMT sibling threads. As a result,\nany call to update_qos_requests() will result in a NULL pointer\ndereference as the code will attempt to access pstate.turbo_freq using\nthe NULL cpudata pointer.\n\nAlso, pstate.turbo_freq may be updated by intel_pstate_get_hwp_cap()\nafter initializing the 'freq' variable, so it is better to defer the\n'freq' until intel_pstate_get_hwp_cap() has been called.\n\nFix this by deferring the 'freq' assignment until after the policy and\ndriver_data have been validated.\n\n[ rjw: Added one paragraph to the changelog ]"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/cpufreq/intel_pstate.c"],"versions":[{"version":"ae1bdd23b99f64335c69d546bff99ca39b894c18","lessThan":"6bfda7ce56e7d14a677b7bcd6c7a5009cc29aa88","status":"affected","versionType":"git"},{"version":"ae1bdd23b99f64335c69d546bff99ca39b894c18","lessThan":"42738dffb7b0766a45882dff7989401d78f66f92","status":"affected","versionType":"git"},{"version":"ae1bdd23b99f64335c69d546bff99ca39b894c18","lessThan":"ab39cc4cb8ceecdc2b61747433e7237f1ac2b789","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/cpufreq/intel_pstate.c"],"versions":[{"version":"6.18","status":"affected"},{"version":"0","lessThan":"6.18","status":"unaffected","versionType":"semver"},{"version":"6.18.19","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19.9","lessThanOrEqual":"6.19.*","status":"unaffected","versionType":"semver"},{"version":"7.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18","versionEndExcluding":"6.18.19"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18","versionEndExcluding":"6.19.9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18","versionEndExcluding":"7.0"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/6bfda7ce56e7d14a677b7bcd6c7a5009cc29aa88"},{"url":"https://git.kernel.org/stable/c/42738dffb7b0766a45882dff7989401d78f66f92"},{"url":"https://git.kernel.org/stable/c/ab39cc4cb8ceecdc2b61747433e7237f1ac2b789"}],"title":"cpufreq: intel_pstate: Fix NULL pointer dereference in update_cpu_qos_request()","x_generator":{"engine":"bippy-1.2.0"}}}}