CVE-2026-43313

MEDIUM

ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4()

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4() In acpi_processor_errata_piix4(), the pointer dev is first assigned an IDE device and then reassigned an ISA device: dev = pci_get_subsys(..., PCI_DEVICE_ID_INTEL_82371AB, ...); dev = pci_get_subsys(..., PCI_DEVICE_ID_INTEL_82371AB_0, ...); If the first lookup succeeds but the second fails, dev becomes NULL. This leads to a potential null-pointer dereference when dev_dbg() is called: if (errata.piix4.bmisx) dev_dbg(&dev->dev, ...); To prevent this, use two temporary pointers and retrieve each device independently, avoiding overwriting dev with a possible NULL value. [ rjw: Subject adjustment, added an empty code line ]

Scores

CVSS v3 5.5
EPSS 0.0012
EPSS Percentile 2.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-476
Status published
Products (24)
linux/Kernel 2.6.12 - 5.15.202linux
linux/Kernel 5.16.0 - 6.1.165linux
linux/Kernel 6.13.0 - 6.18.16linux
linux/Kernel 6.19.0 - 6.19.6linux
linux/Kernel 6.2.0 - 6.6.128linux
linux/Kernel 6.7.0 - 6.12.75linux
Linux/Linux < 2.6.12
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 01e8751b37a366b1ca561add0042f2ceb18c03bf
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 0398b641be2b66c2fc7e0163c606ef19372e7ad5
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 06724a60cfa9767ea90b0f5d3dfb5cdd251b64f5
... and 14 more
Published May 08, 2026
Tracked Since May 08, 2026