{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "ae1bdd23b99f64335c69d546bff99ca39b894c18"
            },
            {
              "fixed": "6bfda7ce56e7d14a677b7bcd6c7a5009cc29aa88"
            },
            {
              "fixed": "42738dffb7b0766a45882dff7989401d78f66f92"
            },
            {
              "fixed": "ab39cc4cb8ceecdc2b61747433e7237f1ac2b789"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Linux",
        "name": "Kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.18.0"
            },
            {
              "fixed": "6.18.19"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.19.0"
            },
            {
              "fixed": "6.19.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43401.json"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: intel_pstate: Fix NULL pointer dereference in update_cpu_qos_request()\n\nThe update_cpu_qos_request() function attempts to initialize the 'freq'\nvariable by dereferencing 'cpudata' before verifying if the 'policy'\nis valid.\n\nThis issue occurs on systems booted with the \"nosmt\" parameter, where\nall_cpu_data[cpu] is NULL for the SMT sibling threads. As a result,\nany call to update_qos_requests() will result in a NULL pointer\ndereference as the code will attempt to access pstate.turbo_freq using\nthe NULL cpudata pointer.\n\nAlso, pstate.turbo_freq may be updated by intel_pstate_get_hwp_cap()\nafter initializing the 'freq' variable, so it is better to defer the\n'freq' until intel_pstate_get_hwp_cap() has been called.\n\nFix this by deferring the 'freq' assignment until after the policy and\ndriver_data have been validated.\n\n[ rjw: Added one paragraph to the changelog ]",
  "id": "CVE-2026-43401",
  "modified": "2026-07-15T01:49:12.484286369Z",
  "published": "2026-05-08T14:21:42.876Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/42738dffb7b0766a45882dff7989401d78f66f92"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6bfda7ce56e7d14a677b7bcd6c7a5009cc29aa88"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ab39cc4cb8ceecdc2b61747433e7237f1ac2b789"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43401.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43401"
    },
    {
      "type": "PACKAGE",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"
    }
  ],
  "schema_version": "1.8.0",
  "summary": "cpufreq: intel_pstate: Fix NULL pointer dereference in update_cpu_qos_request()"
}