CVE-2026-31744

Source
https://cve.org/CVERecord?id=CVE-2026-31744
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31744.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-31744
Downstream
Published
2026-05-01T14:14:38.820Z
Modified
2026-07-08T07:01:40.976434553Z
Summary
PM: EM: Fix NULL pointer dereference when perf domain ID is not found
Details

In the Linux kernel, the following vulnerability has been resolved:

PM: EM: Fix NULL pointer dereference when perf domain ID is not found

devenergymodelnlgetperfdomainsdoit() calls emperfdomaingetby_id() but does not check the return value before passing it to __emnlgetpdsize(). When a caller supplies a non-existent perf domain ID, emperfdomaingetby_id() returns NULL, and __emnlgetpdsize() immediately dereferences pd->cpus (struct offset 0x30), causing a NULL pointer dereference.

The sister handler devenergymodelnlgetperftabledoit() already handles this correctly via _emnlgetpdtableid(), which returns NULL and causes the caller to return -EINVAL. Add the same NULL check in the get-perf-domains do handler.

[ rjw: Subject and changelog edits ]

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31744.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
380ff27af25e49e2cb2ff8fd0ecd7c95be2976ee
Fixed
ab09b9a1e3b02ff62c5aebe3b12b0cb4cb4ea8ab
Fixed
9badc2a84e688be1275bb740942d5f6f51746908

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31744.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.12

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31744.json"