CVE-2026-23443 - Vulnerability Details

Description

In the Linux kernel, the following vulnerability has been resolved:

ACPI: processor: Fix previous acpi_processor_errata_piix4() fix

After commi f132e089fe89 ("ACPI: processor: Fix NULL-pointer dereference
in acpi_processor_errata_piix4()"), device pointers may be dereferenced
after dropping references to the device objects pointed to by them,
which may cause a use-after-free to occur.

Moreover, debug messages about enabling the errata may be printed
if the errata flags corresponding to them are unset.

Address all of these issues by moving message printing to the points
in the code where the errata flags are set.

Published: 2026-04-03

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

A flaw in the Linux kernel's ACPI processor handling allows device pointers to be dereferenced after the kernel has released the reference to the underlying device object. This creates a use‑after‑free condition that can corrupt kernel memory, potentially allowing an attacker with sufficient privileges to execute arbitrary code or cause a system crash.

Affected Systems

All Linux kernel implementations that contain the ACPI processor errata logic before the patch was applied are affected. This includes common distribution kernel packages—such as Ubuntu, Debian, Red‑Hat, CentOS, Fedora, and others—up to the point where the kernel has incorporated the upstream fix for acpi_processor_errata_piix4. The exact kernel versions are not enumerated, so any kernel in use prior to including the commit is potentially vulnerable.

Risk and Exploitability

The vulnerability is a classic use‑after‑free (CWE‑416). No CVSS or EPSS data are provided, and the issue is not listed in the CISA KEV catalog. Exploitation would require local access or an attacker that can trigger kernel code paths that perform the faulty dereference. Though no publicly available exploits are documented, a successful exploitation could lead to privilege escalation or denial of service at the kernel level.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`ad86ac604f8391c0212a91412d4f764c7a85f254`	affected	< 2e369ba9eb7b8a06e9cc35a3e7fe73e59272f8c2
`01e8751b37a366b1ca561add0042f2ceb18c03bf`	affected	< edf4c2aaee08e8fd503fbae705c801e92a0b55d7
`b803811485ac0b2f774b6bf3abc8b999ba3b7033`	affected	< e0c470049344e9346fff79d7e2362212c216665e
`29f60d3d06818d40118a30d663231f027ae87a05`	affected	< 98473309a36acc271009b85e0bb53a4c0dddf5c2
`0398b641be2b66c2fc7e0163c606ef19372e7ad5`	affected	< 8583f62259e1b315d5239371adfb36939cdab741
`f132e089fe89cadc2098991f0a3cb05c3f824ac6`	affected	< bf504b229cb8d534eccbaeaa23eba34c05131e25
`06724a60cfa9767ea90b0f5d3dfb5cdd251b64f5`	affected	—

Linux

affected

Version	Status	Constraints
`7.0-rc1`	affected	—
`0`	unaffected	< 7.0-rc1
`6.1.167`	unaffected	≤ 6.1.*
`6.6.130`	unaffected	≤ 6.6.*
`6.12.78`	unaffected	≤ 6.12.*
`6.18.20`	unaffected	≤ 6.18.*
`6.19.10`	unaffected	≤ 6.19.*
`7.0-rc5`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[ad86ac604f8391c0212a91412d4f764c7a85f254,2e369ba9eb7b8a06e9cc35a3e7fe73e59272f8c2)`	affected	code_commit	—
`[01e8751b37a366b1ca561add0042f2ceb18c03bf,edf4c2aaee08e8fd503fbae705c801e92a0b55d7)`	affected	code_commit	—
`[b803811485ac0b2f774b6bf3abc8b999ba3b7033,e0c470049344e9346fff79d7e2362212c216665e)`	affected	code_commit	—
`[29f60d3d06818d40118a30d663231f027ae87a05,98473309a36acc271009b85e0bb53a4c0dddf5c2)`	affected	code_commit	—
`[0398b641be2b66c2fc7e0163c606ef19372e7ad5,8583f62259e1b315d5239371adfb36939cdab741)`	affected	code_commit	—
`[f132e089fe89cadc2098991f0a3cb05c3f824ac6,bf504b229cb8d534eccbaeaa23eba34c05131e25)`	affected	code_commit	—
`06724a60cfa9767ea90b0f5d3dfb5cdd251b64f5`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`7.0-rc1`	affected	semver	—
`[0,7.0-rc1)`	unaffected	generic	—
`[6.1.167,6.2.0)`	unaffected	semver	—
`[6.6.130,6.7.0)`	unaffected	semver	—
`[6.12.78,6.13.0)`	unaffected	semver	—
`[6.18.20,6.19.0)`	unaffected	semver	—
`[6.19.10,6.20.0)`	unaffected	semver	—
`[7.0-rc5,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the kernel to a version that includes the acpi_processor_errata_piix4 use‑after‑free fix, such as the latest stable release from your distribution’s kernel package.
Verify the kernel version after updating by running 'uname -r' or checking the distribution’s release notes to ensure the patch is present.
Reboot the system to load the updated kernel and fully apply the fix.

Generated by OpenCVE AI on April 3, 2026 at 18:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/2e369ba9eb7b8a06e9cc35a3e7fe73e59272f8c2
https://git.kernel.org/stable/c/8583f62259e1b315d5239371adfb36939cdab741
https://git.kernel.org/stable/c/98473309a36acc271009b85e0bb53a4c0dddf5c2
https://git.kernel.org/stable/c/bf504b229cb8d534eccbaeaa23eba34c05131e25
https://git.kernel.org/stable/c/e0c470049344e9346fff79d7e2362212c216665e
https://git.kernel.org/stable/c/edf4c2aaee08e8fd503fbae705c801e92a0b55d7
https://lore.kernel.org/linux-cve-announce/2026040314-CVE-2026-23443-19e2@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-23443
https://www.cve.org/CVERecord?id=CVE-2026-23443

History

Sat, 04 Apr 2026 01:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2026040314-CVE-2026-23443-19e2@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-23443 https://www.cve.org/CVERecord?id=CVE-2026-23443

Fri, 03 Apr 2026 21:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-416

Fri, 03 Apr 2026 16:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: Fix previous acpi_processor_errata_piix4() fix After commi f132e089fe89 ("ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4()"), device pointers may be dereferenced after dropping references to the device objects pointed to by them, which may cause a use-after-free to occur. Moreover, debug messages about enabling the errata may be printed if the errata flags corresponding to them are unset. Address all of these issues by moving message printing to the points in the code where the errata flags are set.
Title		ACPI: processor: Fix previous acpi_processor_errata_piix4() fix
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/2e369ba9eb7b8a06e9cc35a3e7fe73e59272f8c2 https://git.kernel.org/stable/c/8583f62259e1b315d5239371adfb36939cdab741 https://git.kernel.org/stable/c/98473309a36acc271009b85e0bb53a4c0dddf5c2 https://git.kernel.org/stable/c/bf504b229cb8d534eccbaeaa23eba34c05131e25 https://git.kernel.org/stable/c/e0c470049344e9346fff79d7e2362212c216665e https://git.kernel.org/stable/c/edf4c2aaee08e8fd503fbae705c801e92a0b55d7

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-04-03T15:15:27.698Z

Updated: 2026-04-03T15:15:27.698Z

Reserved: 2026-01-13T15:37:46.018Z

Link: CVE-2026-23443

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-04-03T16:16:28.573

Modified: 2026-04-03T16:16:28.573

Link: CVE-2026-23443

Redhat

Severity :

Publid Date: 2026-04-03T00:00:00Z

Links: CVE-2026-23443 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-03T21:16:08Z

Weaknesses

CWE-416

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object