GHSA-76W7-8X62-J4QM

Vulnerability from github – Published: 2026-03-25 12:30 – Updated: 2026-03-25 12:30
VLAI?
Details

In the Linux kernel, the following vulnerability has been resolved:

cpufreq: intel_pstate: Fix crash during turbo disable

When the system is booted with kernel command line argument "nosmt" or "maxcpus" to limit the number of CPUs, disabling turbo via:

echo 1 > /sys/devices/system/cpu/intel_pstate/no_turbo

results in a crash:

PF: supervisor read access in kernel mode PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: Oops: 0000 [#1] SMP PTI ... RIP: 0010:store_no_turbo+0x100/0x1f0 ...

This occurs because for_each_possible_cpu() returns CPUs even if they are not online. For those CPUs, all_cpu_data[] will be NULL. Since commit 973207ae3d7c ("cpufreq: intel_pstate: Rearrange max frequency updates handling code"), all_cpu_data[] is dereferenced even for CPUs which are not online, causing the NULL pointer dereference.

To fix that, pass CPU number to intel_pstate_update_max_freq() and use all_cpu_data[] for those CPUs for which there is a valid cpufreq policy.

Show details on source website
To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2026-23332"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-25T11:16:30Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: intel_pstate: Fix crash during turbo disable\n\nWhen the system is booted with kernel command line argument \"nosmt\" or\n\"maxcpus\" to limit the number of CPUs, disabling turbo via:\n\n echo 1 \u003e /sys/devices/system/cpu/intel_pstate/no_turbo\n\nresults in a crash:\n\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] SMP PTI\n ...\n RIP: 0010:store_no_turbo+0x100/0x1f0\n ...\n\nThis occurs because for_each_possible_cpu() returns CPUs even if they\nare not online. For those CPUs, all_cpu_data[] will be NULL. Since\ncommit 973207ae3d7c (\"cpufreq: intel_pstate: Rearrange max frequency\nupdates handling code\"), all_cpu_data[] is dereferenced even for CPUs\nwhich are not online, causing the NULL pointer dereference.\n\nTo fix that, pass CPU number to intel_pstate_update_max_freq() and use\nall_cpu_data[] for those CPUs for which there is a valid cpufreq policy.",
  "id": "GHSA-76w7-8x62-j4qm",
  "modified": "2026-03-25T12:30:23Z",
  "published": "2026-03-25T12:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23332"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6b050482ec40569429d963ac52afa878691b04c9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a1850e2aef4d15405e7ff53fd51c4b3124d46182"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d20d48916ce8531b157c2edeba76d69af2974270"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.