CVE-2026-31544

EUVD-2026-25437

24.04.2026, 15:16

In the Linux kernel, the following vulnerability has been resolved:

firmware: arm_scmi: Fix NULL dereference on notify error path

Since commit b5daf93b809d1 ("firmware: arm_scmi: Avoid notifier
registration for unsupported events") the call chains leading to the helper
__scmi_event_handler_get_ops expect an ERR_PTR to be returned on failure to
get an handler for the requested event key, while the current helper can
still return a NULL when no handler could be found or created.

Fix by forcing an ERR_PTR return value when the handler reference is NULL.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	UNKNOWN				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

References

https://git.kernel.org/stable/c/555317d6100164748f7d09f80142739bd29f0cda

https://git.kernel.org/stable/c/70d9bd9a2e683afe6200b0c20af22f06f1a199a4

https://git.kernel.org/stable/c/8414d2800c34528467df23ce6192c254a73e4459