CVE-2024-26975

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-26975

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26975.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-26975

Downstream

BELL-CVE-2024-26975

DEBIAN-CVE-2024-26975

RHSA-2024:9315

UBUNTU-CVE-2024-26975

USN-6816-1

USN-6817-1

USN-6817-2

USN-6817-3

USN-6878-1

Published

2024-05-01T06:15:14Z

Modified

2025-08-09T20:01:28Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

powercap: intel_rapl: Fix a NULL pointer dereference

A NULL pointer dereference is triggered when probing the MMIO RAPL driver on platforms with CPU ID not listed in intelraplcommon CPU model list.

This is because the intelraplcommon module still probes on such platforms even if 'defaultsmsr' is not set after commit 1488ac990ac8 ("powercap: intelrapl: Allow probing without CPUID match"). Thus the MMIO RAPL rp->priv->defaults is NULL when registering to RAPL framework.

Fix the problem by adding sanity check to ensure rp->priv->rapl_defaults is always valid.

References

Affected packages