{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23332", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.997Z", "datePublished": "2026-03-25T10:27:23.193Z", "dateUpdated": "2026-03-25T10:27:23.193Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-03-25T10:27:23.193Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: intel_pstate: Fix crash during turbo disable\n\nWhen the system is booted with kernel command line argument \"nosmt\" or\n\"maxcpus\" to limit the number of CPUs, disabling turbo via:\n\n echo 1 > /sys/devices/system/cpu/intel_pstate/no_turbo\n\nresults in a crash:\n\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] SMP PTI\n ...\n RIP: 0010:store_no_turbo+0x100/0x1f0\n ...\n\nThis occurs because for_each_possible_cpu() returns CPUs even if they\nare not online. For those CPUs, all_cpu_data[] will be NULL. Since\ncommit 973207ae3d7c (\"cpufreq: intel_pstate: Rearrange max frequency\nupdates handling code\"), all_cpu_data[] is dereferenced even for CPUs\nwhich are not online, causing the NULL pointer dereference.\n\nTo fix that, pass CPU number to intel_pstate_update_max_freq() and use\nall_cpu_data[] for those CPUs for which there is a valid cpufreq policy."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/cpufreq/intel_pstate.c"], "versions": [{"version": "973207ae3d7c3c92df4a382df5d7bd695deaa904", "lessThan": "a1850e2aef4d15405e7ff53fd51c4b3124d46182", "status": "affected", "versionType": "git"}, {"version": "973207ae3d7c3c92df4a382df5d7bd695deaa904", "lessThan": "d20d48916ce8531b157c2edeba76d69af2974270", "status": "affected", "versionType": "git"}, {"version": "973207ae3d7c3c92df4a382df5d7bd695deaa904", "lessThan": "6b050482ec40569429d963ac52afa878691b04c9", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/cpufreq/intel_pstate.c"], "versions": [{"version": "6.16", "status": "affected"}, {"version": "0", "lessThan": "6.16", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.16", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.16", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.16", "versionEndExcluding": "7.0-rc2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/a1850e2aef4d15405e7ff53fd51c4b3124d46182"}, {"url": "https://git.kernel.org/stable/c/d20d48916ce8531b157c2edeba76d69af2974270"}, {"url": "https://git.kernel.org/stable/c/6b050482ec40569429d963ac52afa878691b04c9"}], "title": "cpufreq: intel_pstate: Fix crash during turbo disable", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: intel_pstate: Fix crash during turbo disable\n\nWhen the system is booted with kernel command line argument \"nosmt\" or\n\"maxcpus\" to limit the number of CPUs, disabling turbo via:\n\n echo 1 > /sys/devices/system/cpu/intel_pstate/no_turbo\n\nresults in a crash:\n\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] SMP PTI\n ...\n RIP: 0010:store_no_turbo+0x100/0x1f0\n ...\n\nThis occurs because for_each_possible_cpu() returns CPUs even if they\nare not online. For those CPUs, all_cpu_data[] will be NULL. Since\ncommit 973207ae3d7c (\"cpufreq: intel_pstate: Rearrange max frequency\nupdates handling code\"), all_cpu_data[] is dereferenced even for CPUs\nwhich are not online, causing the NULL pointer dereference.\n\nTo fix that, pass CPU number to intel_pstate_update_max_freq() and use\nall_cpu_data[] for those CPUs for which there is a valid cpufreq policy."}], "id": "CVE-2026-23332", "lastModified": "2026-03-25T15:41:33.977", "metrics": {}, "published": "2026-03-25T11:16:30.647", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6b050482ec40569429d963ac52afa878691b04c9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a1850e2aef4d15405e7ff53fd51c4b3124d46182"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d20d48916ce8531b157c2edeba76d69af2974270"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: cpufreq: intel_pstate: Fix crash during turbo disable", "id": "2451209", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451209"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["A flaw was found in the Linux kernel's intel_pstate cpufreq driver. A local user can trigger a system crash, leading to a Denial of Service (DoS), by attempting to disable the CPU turbo feature through the sysfs interface. This vulnerability occurs on systems booted with specific kernel arguments like \"nosmt\" or \"maxcpus\", due to a NULL pointer dereference when processing offline CPUs."], "mitigation": {"lang": "en:us", "value": "Avoid modifying /sys/devices/system/cpu/intel_pstate/no_turbo on systems booted with nosmt or maxcpus parameters."}, "name": "CVE-2026-23332", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23332\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23332\nhttps://lore.kernel.org/linux-cve-announce/2026032533-CVE-2026-23332-50e0@gregkh/T"], "statement": "This flaw affects Intel systems using the intel_pstate cpufreq driver when booted with nosmt or maxcpus boot parameters. Writing to /sys/devices/system/cpu/intel_pstate/no_turbo causes all_cpu_data[] to be dereferenced for offline CPUs, which have NULL entries. The crash requires sysfs write access, typically requiring root privileges.", "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-03-25T12:39:04.232020+00:00", "value": {"mitigation_remediation": ["Apply a Linux kernel update that contains the commit which safely handles CPUs when disabling turbo", "Verify the update by attempting to disable turbo mode and confirming that the system remains stable", "If an immediate kernel update is not possible, avoid disabling turbo mode or remove the nosmt and maxcpus parameters to prevent the crash", "Check the vendor or distribution\u2019s security advisories for the specific version that includes the fix"], "summary": {"action": "Patch immediately", "impact": "Kernel Crash (Denial of Service)"}, "threat_synthesis": {"affected_systems": "Linux kernels that do not yet contain the commit that safely handles CPU data when turbo mode is disabled are affected. The update is included in commits following 973207ae3d7c; therefore any kernel version built before that point remains vulnerable. The vulnerability applies to all variants of the Linux kernel that expose the intel_pstate subsystem, regardless of distribution.", "description_and_impact": "Disabling CPU turbo mode through the sysfs interface /sys/devices/system/cpu/intel_pstate/no_turbo on a system that has been booted with the nosmt or maxcpus kernel parameters causes the kernel to panic. The code incorrectly dereferences the all_cpu_data array for CPUs that are not online, leading to a NULL pointer dereference. The result is an immediate kernel crash, which renders the system unavailable until a reboot. There is no evidence of data exposure or code execution beyond the loss of service.", "risk_and_exploitability": "The likely attack vector is a privileged local user who can write to the no_turbo sysfs node. Based on the description, it is inferred that the attacker would need root access to trigger the crash, either by executing an echo command as root or by exploiting an existing privilege escalation that grants write access to that file. The impact is a denial of service through a kernel panic, with no known privilege escalation or remote exploitation. The CVSS score is not available, the EPSS score is missing, and the vulnerability is not listed in the CISA KEV catalog. Given the local nature of the required privilege, the overall risk can be considered moderate, while the severity of the impact remains high if a vulnerable kernel is in use."}}}}, "created": "2026-03-25T21:32:21.602623+00:00", "updated": "2026-03-25T21:32:21.602753+00:00", "vendors": [], "weaknesses": ["CWE-476"]}