CVE-2026-43401

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A NULL pointer dereference exists in the update cpu qos request() function within the intel pstate component. The function attempts to initialize the freq variable by dereferencing cpudata before verifying if the policy is valid. This occurs on systems booted with the "nosmt" parameter, where all cpu data[cpu] is NULL for SMT sibling threads, leading to a crash when the code attempts to access pstate.turbo freq using the NULL cpudata pointer.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.