Description
In the Linux kernel, the following vulnerability has been resolved:

cpuidle: Skip governor when only one idle state is available

On certain platforms (PowerNV systems without a power-mgt DT node),
cpuidle may register only a single idle state. In cases where that
single state is a polling state (state 0), the ladder governor may
incorrectly treat state 1 as the first usable state and pass an
out-of-bounds index. This can lead to a NULL enter callback being
invoked, ultimately resulting in a system crash.

[ 13.342636] cpuidle-powernv : Only Snooze is available
[ 13.351854] Faulting instruction address: 0x00000000
[ 13.376489] NIP [0000000000000000] 0x0
[ 13.378351] LR [c000000001e01974] cpuidle_enter_state+0x2c4/0x668

Fix this by adding a bail-out in cpuidle_select() that returns state 0
directly when state_count <= 1, bypassing the governor and keeping the
tick running.
Published: 2026-05-27
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The bug occurs in the Linux kernel’s cpuidle subsystem when only one idle state is registered, typically the polling state (state 0). The ladder governor mistakenly treats a nonexistent state 1 as the first usable state, causing an out‑of‑bounds index and a NULL enter callback. This results in a kernel panic, a classic denial‑of‑service scenario. The flaw manifests as a null pointer dereference (CWE‑476) and an out‑of‑bounds index (CWE‑788).

Affected Systems

All Linux kernel builds running on platforms that expose just a single idle state, such as PowerNV systems without a power‑management device tree node, are affected. The vulnerability exists in any kernel that has not incorporated the recent bail‑out in cpuidle_select for state_count <= 1.

Risk and Exploitability

The CVSS score is 5.5, the EPSS score is < 1%, and the vulnerability is not listed in the CISA KEV catalog. Because the flaw is triggered by firmware or boot‑time configuration rather than a remote interface, the attack vector is local; an attacker with physical or local access who can force a one‑state configuration or boot the affected hardware will cause an immediate system crash. No public exploits have been reported.

Generated by OpenCVE AI on June 17, 2026 at 00:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the kernel to a version that includes the cpuidle_select bail‑out fix.
  • Ensure the machine’s firmware or device tree declares at least two idle states, for example by adding or correcting the power‑management DT node on PowerNV platforms.
  • If a kernel upgrade cannot be applied immediately, monitor system logs for cpuidle crash patterns and plan a timely firmware or kernel update to prevent service disruption.

Generated by OpenCVE AI on June 17, 2026 at 00:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4606-1 linux security update
History

Tue, 16 Jun 2026 06:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Thu, 28 May 2026 03:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
CWE-476

Thu, 28 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-788
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Wed, 27 May 2026 21:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
CWE-476

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: cpuidle: Skip governor when only one idle state is available On certain platforms (PowerNV systems without a power-mgt DT node), cpuidle may register only a single idle state. In cases where that single state is a polling state (state 0), the ladder governor may incorrectly treat state 1 as the first usable state and pass an out-of-bounds index. This can lead to a NULL enter callback being invoked, ultimately resulting in a system crash. [ 13.342636] cpuidle-powernv : Only Snooze is available [ 13.351854] Faulting instruction address: 0x00000000 [ 13.376489] NIP [0000000000000000] 0x0 [ 13.378351] LR [c000000001e01974] cpuidle_enter_state+0x2c4/0x668 Fix this by adding a bail-out in cpuidle_select() that returns state 0 directly when state_count <= 1, bypassing the governor and keeping the tick running.
Title cpuidle: Skip governor when only one idle state is available
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:18:27.247Z

Reserved: 2026-05-13T15:03:33.089Z

Link: CVE-2026-45968

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-27T14:17:13.670

Modified: 2026-06-16T02:43:34.007

Link: CVE-2026-45968

cve-icon Redhat

Severity : Low

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-45968 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T00:30:15Z

Weaknesses
  • CWE-476

    NULL Pointer Dereference

  • CWE-788

    Access of Memory Location After End of Buffer