
CVE-2024-26975: Vulnerability in Linux

Medium
Published: Wed May 01 2024 (05/01/2024, 05:20:19 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

powercap: intel_rapl: Fix a NULL pointer dereference

A NULL pointer dereference is triggered when probing the MMIO RAPL driver on platforms with CPU ID not listed in intel_rapl_common CPU model list.

This is because the intel_rapl_common module still probes on such platforms even if 'defaults_msr' is not set after commit 1488ac990ac8 ("powercap: intel_rapl: Allow probing without CPUID match"). Thus the MMIO RAPL rp->priv->defaults is NULL when registering to RAPL framework.

Fix the problem by adding sanity check to ensure rp->priv->rapl_defaults is always valid.

AI-Powered Analysis

Last updated: 06/29/2025, 13:54:45 UTC

Technical Analysis

CVE-2024-26975 is a vulnerability identified in the Linux kernel's powercap subsystem, specifically within the intel_rapl (Running Average Power Limit) driver. The flaw arises from a NULL pointer dereference condition triggered during the probing phase of the MMIO (Memory-Mapped I/O) RAPL driver on platforms whose CPU IDs are not included in the intel_rapl_common CPU model list. This occurs because the intel_rapl_common module attempts to probe such platforms even when the 'defaults_msr' flag is not set, a behavior introduced after commit 1488ac990ac8, which allowed probing without a CPUID match. As a result, the MMIO RAPL structure's private data pointer (rp->priv->defaults) remains NULL when the driver attempts to register with the RAPL framework, leading to a NULL pointer dereference. The vulnerability has been addressed by adding a sanity check to ensure that rp->priv->rapl_defaults is always valid before proceeding. This fix prevents the kernel from dereferencing a NULL pointer, thereby avoiding potential kernel crashes or system instability. The vulnerability affects Linux kernel versions containing the specified commit and is relevant to systems using the intel_rapl driver for power management, particularly those with CPUs not explicitly recognized by the driver. There are no known exploits in the wild at this time, and no CVSS score has been assigned yet.
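The failure mode and the sanity check described above, as a user-space C model. This is an added example, not the kernel's code or the upstream patch: the struct fields, CPU model IDs, function names and the -ENODEV return value are assumptions chosen for illustration.

```c
/* User-space model of the probe path (added example). Fields, model IDs, names
 * and the -ENODEV return are assumptions, not the kernel's intel_rapl source. */
#include <errno.h>
#include <stdio.h>

struct rapl_defaults { int energy_unit; };   /* hypothetical field */
struct rapl_if_priv  { const struct rapl_defaults *defaults; };
struct rapl_package  { struct rapl_if_priv *priv; };

/* Constructed stand-in for the intel_rapl_common CPU model list. */
static const struct rapl_defaults core_defaults = { 1 };
static const int cpu_list[] = { 0x8c, 0x9a };

/* Probing goes ahead without a CPUID match; defaults then stays NULL. */
void common_probe(struct rapl_if_priv *priv, int cpu_model)
{
    priv->defaults = NULL;
    for (size_t i = 0; i < sizeof(cpu_list) / sizeof(cpu_list[0]); i++)
        if (cpu_list[i] == cpu_model)
            priv->defaults = &core_defaults;
}

/* Before the fix: NULL dereference on an unlisted CPU (not called here). */
int register_unchecked(struct rapl_package *rp)
{
    return rp->priv->defaults->energy_unit;
}

/* After the fix: the sanity check rejects the package instead. */
int register_checked(struct rapl_package *rp)
{
    if (!rp || !rp->priv || !rp->priv->defaults)
        return -ENODEV;
    return rp->priv->defaults->energy_unit;
}

/* Probe one CPU model, then register through the checked path. */
int probe_and_register(int cpu_model)
{
    struct rapl_if_priv priv;
    struct rapl_package rp = { &priv };
    common_probe(&priv, cpu_model);
    return register_checked(&rp);
}

int main(void)
{
    printf("listed: %d, unlisted: %d\n", probe_and_register(0x8c), probe_and_register(0x01));
    return 0;
}
```

In the model, a listed CPU registers normally while an unlisted one is refused with an error instead of reaching the dereference.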

Potential Impact

For European organizations, the impact of CVE-2024-26975 primarily concerns system stability and availability. A NULL pointer dereference in the kernel typically results in a kernel panic or system crash, causing denial of service (DoS) conditions. Organizations running Linux on affected hardware platforms—especially those using power management features tied to the intel_rapl driver—may experience unexpected reboots or downtime, potentially disrupting critical services. While this vulnerability does not directly lead to privilege escalation or data confidentiality breaches, the resulting instability can affect operational continuity, particularly in environments relying on Linux servers for infrastructure, cloud services, or embedded systems. Given the widespread use of Linux in European data centers, telecommunications, and industrial control systems, unpatched systems could face increased risk of service interruptions. However, since exploitation requires the system to probe the MMIO RAPL driver on unsupported CPU models, the scope is somewhat limited to specific hardware configurations.

Mitigation Recommendations

European organizations should prioritize applying the patch that includes the sanity check fix for the intel_rapl driver as soon as it becomes available in their Linux kernel distributions. System administrators should:

1) Identify Linux systems running kernel versions containing the affected commit or earlier;
2) Verify whether the hardware platforms use CPUs not listed in the intel_rapl_common CPU model list and utilize the intel_rapl driver;
3) Update Linux kernels to the latest stable releases provided by their distribution vendors that include the fix for CVE-2024-26975;
4) For environments where immediate patching is not feasible, consider disabling the intel_rapl driver or the powercap subsystem temporarily if power management features are not critical, to prevent the vulnerable code path from executing;
5) Monitor system logs for kernel panics or crashes related to powercap or intel_rapl modules;
6) Incorporate this vulnerability into vulnerability management and patching workflows to ensure timely remediation.

Additionally, organizations should test patches in staging environments to confirm stability before wide deployment.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-02-19T14:20:24.203Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9829c4522896dcbe2fa5

Added to database: 5/21/2025, 9:08:57 AM

Last enriched: 6/29/2025, 1:54:45 PM

Last updated: 8/17/2025, 10:06:12 PM
