CVE-2026-45968
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk3th percentile - higher than 3% of all known CVEs
Summary
A vulnerability has been identified in the Linux kernel's cpuidle module, occurring on certain PowerNV platforms. The issue arises when only one idle state is registered, leading the governor to incorrectly treat this state, which can invoke a NULL pointer and ultimately cause system crashes.
Risk Assessment
This vulnerability can lead to critical system crashes, jeopardizing the stability and availability of services running on affected platforms. Organizations should be aware of the risks associated with using these systems.
Recommendation
It is recommended to update the Linux kernel to a version that includes the fix for this vulnerability. Additionally, systems should be monitored for potential issues related to this vulnerability.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: cpuidle: Skip governor when only one idle state is available On certain platforms (PowerNV systems without a power-mgt DT node), cpuidle may register only a single idle state. In cases where that single state is a polling state (state 0), the ladder governor may incorrectly treat state 1 as the first usable state and pass an out-of-bounds index. This can lead to a NULL enter callback being invoked, ultimately resulting in a system crash. [ 13.342636] cpuidle-powernv : Only Snooze is available [ 13.351854] Faulting instruction address: 0x00000000 [ 13.376489] NIP [0000000000000000] 0x0 [ 13.378351] LR [c000000001e01974] cpuidle_enter_state+0x2c4/0x668 Fix this by adding a bail-out in cpuidle_select() that returns state 0 directly when state_count <= 1, bypassing the governor and keeping the tick running.

