CVE-2026-23332

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel's cpufreq subsystem, specifically within the intel pstate driver. Disabling turbo boost via /sys/devices/system/cpu/intel pstate/no turbo can lead to a system crash when the kernel is booted with command-line arguments like "nosmt" or "maxcpus" that limit the number of CPUs. This is due to a NULL pointer dereference occurring when for each possible cpu() returns CPUs that are not online, and all cpu data[] is subsequently dereferenced. The issue arises from accessing all cpu data[] for CPUs without a valid cpufreq policy. The crash manifests as a supervisor read access error in kernel mode.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.