Bug 2451209 (CVE-2026-23332) - CVE-2026-23332 kernel: cpufreq: intel_pstate: Fix crash during turbo disable
Summary: CVE-2026-23332 kernel: cpufreq: intel_pstate: Fix crash during turbo disable
Keywords:
Status: NEW
Alias: CVE-2026-23332
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-03-25 11:04 UTC by OSIDB Bzimport
Modified: 2026-03-25 15:53 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2026-03-25 11:04:46 UTC 
In the Linux kernel, the following vulnerability has been resolved:

cpufreq: intel_pstate: Fix crash during turbo disable

When the system is booted with kernel command line argument "nosmt" or
"maxcpus" to limit the number of CPUs, disabling turbo via:

 echo 1 > /sys/devices/system/cpu/intel_pstate/no_turbo

results in a crash:

 PF: supervisor read access in kernel mode
 PF: error_code(0x0000) - not-present page
 PGD 0 P4D 0
 Oops: Oops: 0000 [#1] SMP PTI
 ...
 RIP: 0010:store_no_turbo+0x100/0x1f0
 ...

This occurs because for_each_possible_cpu() returns CPUs even if they
are not online. For those CPUs, all_cpu_data[] will be NULL. Since
commit 973207ae3d7c ("cpufreq: intel_pstate: Rearrange max frequency
updates handling code"), all_cpu_data[] is dereferenced even for CPUs
which are not online, causing the NULL pointer dereference.

To fix that, pass CPU number to intel_pstate_update_max_freq() and use
all_cpu_data[] for those CPUs for which there is a valid cpufreq policy.
Comment 1 Alexander B 2026-03-25 15:51:21 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026032533-CVE-2026-23332-50e0@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.