Copyright © 2012 Red Hat, Inc. All rights reserved. Low 2026-04-24T00:00:00 kernel: firmware: arm_scmi: Fix NULL dereference on notify error path 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CWE-476

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Fix NULL dereference on notify error path Since commit b5daf93b809d1 ("firmware: arm_scmi: Avoid notifier registration for unsupported events") the call chains leading to the helper __scmi_event_handler_get_ops expect an ERR_PTR to be returned on failure to get an handler for the requested event key, while the current helper can still return a NULL when no handler could be found or created. Fix by forcing an ERR_PTR return value when the handler reference is NULL.

A flaw was found in the Linux kernel's arm_scmi firmware component. The __scmi_event_handler_get_ops helper function can return a NULL pointer when an event handler is not found or created, instead of an expected error pointer. This improper handling of the error path leads to a NULL dereference vulnerability. Exploitation of this flaw can cause a system crash, resulting in a Denial of Service (DoS).

Red Hat Enterprise Linux 10 Fix deferred kernel Red Hat Enterprise Linux 6 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel-rt Red Hat Enterprise Linux 8 Not affected kernel Red Hat Enterprise Linux 8 Not affected kernel-rt Red Hat Enterprise Linux 9 Not affected kernel Red Hat Enterprise Linux 9 Not affected kernel-rt https://www.cve.org/CVERecord?id=CVE-2026-31544 https://nvd.nist.gov/vuln/detail/CVE-2026-31544 https://lore.kernel.org/linux-cve-announce/2026042424-CVE-2026-31544-7fc3@gregkh/T