Bug 2461497 (CVE-2026-31544) - CVE-2026-31544 kernel: firmware: arm_scmi: Fix NULL dereference on notify error path
Summary: CVE-2026-31544 kernel: firmware: arm_scmi: Fix NULL dereference on notify err...
Keywords:
Status: NEW
Alias: CVE-2026-31544
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-04-24 15:05 UTC by OSIDB Bzimport
Modified: 2026-05-25 07:50 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-04-24 15:05:00 UTC
In the Linux kernel, the following vulnerability has been resolved:

firmware: arm_scmi: Fix NULL dereference on notify error path

Since commit b5daf93b809d1 ("firmware: arm_scmi: Avoid notifier
registration for unsupported events") the call chains leading to the helper
__scmi_event_handler_get_ops expect an ERR_PTR to be returned on failure to
get an handler for the requested event key, while the current helper can
still return a NULL when no handler could be found or created.

Fix by forcing an ERR_PTR return value when the handler reference is NULL.

Comment 7 Helen Grace 2026-05-25 07:50:05 UTC
(In reply to Keith Grant from comment #1)
> Upstream advisory:
> https://lore.kernel.org/linux-cve-announce/2026042424-CVE-2026-31544- https://dinosaurgamefree.io/ 
> 7fc3@gregkh/T

Sometimes the hardest bugs to track down are the ones that look harmless at first glance


Note You need to log in before you can comment on or make changes to this bug.