Description
In the Linux kernel, the following vulnerability has been resolved:

cpufreq: intel_pstate: Fix crash during turbo disable

When the system is booted with kernel command line argument "nosmt" or
"maxcpus" to limit the number of CPUs, disabling turbo via:

echo 1 > /sys/devices/system/cpu/intel_pstate/no_turbo

results in a crash:

PF: supervisor read access in kernel mode
PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: Oops: 0000 [#1] SMP PTI
...
RIP: 0010:store_no_turbo+0x100/0x1f0
...

This occurs because for_each_possible_cpu() returns CPUs even if they
are not online. For those CPUs, all_cpu_data[] will be NULL. Since
commit 973207ae3d7c ("cpufreq: intel_pstate: Rearrange max frequency
updates handling code"), all_cpu_data[] is dereferenced even for CPUs
which are not online, causing the NULL pointer dereference.

To fix that, pass CPU number to intel_pstate_update_max_freq() and use
all_cpu_data[] for those CPUs for which there is a valid cpufreq policy.
Published: 2026-03-25
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service (kernel crash)
Action: Patch Immediately
AI Analysis

Impact

A NULL pointer dereference in the Linux kernel’s cpufreq intel_pstate module triggers a kernel panic when users disable Intel Turbo Boost via the /sys interface while the system is booted with CPU limits such as nosmt or maxcpus. The crash forces a system reboot, disrupting availability but does not expose data or enable arbitrary code execution.

Affected Systems

The vulnerability affects the Linux kernel in all distributions that ship the default kernel source. It applies to kernel versions that have not integrated the fix that reorganizes the maximum frequency update handling. No specific version range is published, but any kernel before the commit that corrected the dereference is potentially vulnerable.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, while the EPSS score of less than 1 % points to a low probability of exploitation. The flaw requires local access and root privileges to trigger the disabling of turbo through the sysfs interface, limiting the risk of remote attacks. It is not listed in the CISA KEV catalog, and no widespread public exploits have been reported, though an unpatched kernel could experience unexpected crashes during normal operation.

Generated by OpenCVE AI on March 26, 2026 at 03:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a kernel release that contains the cpufreq intel_pstate fix (commit 973207ae3d7c).
  • Until a kernel upgrade is possible, avoid using the no_turbo interface when the kernel is booted with nosmt or maxcpus parameters.
  • Monitor system logs for kernel oops messages related to store_no_turbo after disabling turbo, and apply the update if the crash occurs.

Generated by OpenCVE AI on March 26, 2026 at 03:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 23 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:linux:linux_kernel:6.16:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*

Thu, 26 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Wed, 25 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: Fix crash during turbo disable When the system is booted with kernel command line argument "nosmt" or "maxcpus" to limit the number of CPUs, disabling turbo via: echo 1 > /sys/devices/system/cpu/intel_pstate/no_turbo results in a crash: PF: supervisor read access in kernel mode PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: Oops: 0000 [#1] SMP PTI ... RIP: 0010:store_no_turbo+0x100/0x1f0 ... This occurs because for_each_possible_cpu() returns CPUs even if they are not online. For those CPUs, all_cpu_data[] will be NULL. Since commit 973207ae3d7c ("cpufreq: intel_pstate: Rearrange max frequency updates handling code"), all_cpu_data[] is dereferenced even for CPUs which are not online, causing the NULL pointer dereference. To fix that, pass CPU number to intel_pstate_update_max_freq() and use all_cpu_data[] for those CPUs for which there is a valid cpufreq policy.
Title cpufreq: intel_pstate: Fix crash during turbo disable
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-13T06:05:12.856Z

Reserved: 2026-01-13T15:37:45.997Z

Link: CVE-2026-23332

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-03-25T11:16:30.647

Modified: 2026-04-23T21:13:22.360

Link: CVE-2026-23332

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-03-25T00:00:00Z

Links: CVE-2026-23332 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-03-26T12:16:25Z

Weaknesses