NuytsTech Security

CVE-2026-23332

by ·

In the Linux kernel, the following vulnerability has been resolved:

cpufreq: intel_pstate: Fix crash during turbo disable

When the system is booted with kernel command line argument “nosmt” or
“maxcpus” to limit the number of CPUs, disabling turbo via:

echo 1 > /sys/devices/system/cpu/intel_pstate/no_turbo

results in a crash:

PF: supervisor read access in kernel mode
PF: error_code(0x0000) – not-present page
PGD 0 P4D 0
Oops: Oops: 0000 [#1] SMP PTI

RIP: 0010:store_no_turbo+0x100/0x1f0

This occurs because for_each_possible_cpu() returns CPUs even if they
are not online. For those CPUs, all_cpu_data[] will be NULL. Since
commit 973207ae3d7c (“cpufreq: intel_pstate: Rearrange max frequency
updates handling code”), all_cpu_data[] is dereferenced even for CPUs
which are not online, causing the NULL pointer dereference.

To fix that, pass CPU number to intel_pstate_update_max_freq() and use
all_cpu_data[] for those CPUs for which there is a valid cpufreq policy.

More information : https://git.kernel.org/stable/c/6b050482ec40569429d963ac52afa878691b04c9

Tags: