CVE-2026-23443 - Vulnerability Details

- ACPI: processor: Fix previous acpi_processor_errata_piix4() fix

Description

In the Linux kernel, the following vulnerability has been resolved:

ACPI: processor: Fix previous acpi_processor_errata_piix4() fix

After commi f132e089fe89 ("ACPI: processor: Fix NULL-pointer dereference
in acpi_processor_errata_piix4()"), device pointers may be dereferenced
after dropping references to the device objects pointed to by them,
which may cause a use-after-free to occur.

Moreover, debug messages about enabling the errata may be printed
if the errata flags corresponding to them are unset.

Address all of these issues by moving message printing to the points
in the code where the errata flags are set.

Published: 2026-04-03

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The Linux kernel contains a flaw in the ACPI processor errata handling routine that may cause a use‑after‑free when a device pointer is dereferenced after the kernel has released its reference to the underlying device object. This flaw is a classic null‑pointer dereference that can corrupt kernel memory and, if successfully exploited, could lead to kernel panic or privilege escalation.

Affected Systems

All Linux kernel versions that include the ACPI processor errata logic before the mentioned upstream commit are affected. The change applies to kernel releases that contain the acpi_processor_errata_piix4 function, which are all kernels up to the point where the patch was integrated. Operators should verify whether their deployed kernel incorporates this fix.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate severity. The EPSS score of less than 1 % suggests a low current likelihood of exploitation. The vulnerability is not listed in CISA’s KEV catalog. Exploitation would require the attacker to trigger the faulty code path in kernel mode, most likely through local or privilege‑elevated access. No publicly available exploits are currently documented, but successful exploitation could disrupt the affected system or provide a foothold for higher‑privilege attacks.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`06724a60cfa9767ea90b0f5d3dfb5cdd251b64f5`	affected	< 68408e8f9e366ad9850a66ac65cb569f13bf6cd4
`ad86ac604f8391c0212a91412d4f764c7a85f254`	affected	< 2e369ba9eb7b8a06e9cc35a3e7fe73e59272f8c2
`01e8751b37a366b1ca561add0042f2ceb18c03bf`	affected	< edf4c2aaee08e8fd503fbae705c801e92a0b55d7
`b803811485ac0b2f774b6bf3abc8b999ba3b7033`	affected	< e0c470049344e9346fff79d7e2362212c216665e
`29f60d3d06818d40118a30d663231f027ae87a05`	affected	< 98473309a36acc271009b85e0bb53a4c0dddf5c2
`0398b641be2b66c2fc7e0163c606ef19372e7ad5`	affected	< 8583f62259e1b315d5239371adfb36939cdab741
`f132e089fe89cadc2098991f0a3cb05c3f824ac6`	affected	< bf504b229cb8d534eccbaeaa23eba34c05131e25

Linux

unaffected

Version	Status	Constraints
`5.15.202`	affected	< 5.15.203
`6.1.165`	affected	< 6.1.167
`6.6.128`	affected	< 6.6.130
`6.12.75`	affected	< 6.12.78
`6.18.16`	affected	< 6.18.20
`6.19.6`	affected	< 6.19.10

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.15.202:::::::*

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[ad86ac604f8391c0212a91412d4f764c7a85f254,2e369ba9eb7b8a06e9cc35a3e7fe73e59272f8c2)`	affected	code_commit	—
`[01e8751b37a366b1ca561add0042f2ceb18c03bf,edf4c2aaee08e8fd503fbae705c801e92a0b55d7)`	affected	code_commit	—
`[b803811485ac0b2f774b6bf3abc8b999ba3b7033,e0c470049344e9346fff79d7e2362212c216665e)`	affected	code_commit	—
`[29f60d3d06818d40118a30d663231f027ae87a05,98473309a36acc271009b85e0bb53a4c0dddf5c2)`	affected	code_commit	—
`[0398b641be2b66c2fc7e0163c606ef19372e7ad5,8583f62259e1b315d5239371adfb36939cdab741)`	affected	code_commit	—
`[f132e089fe89cadc2098991f0a3cb05c3f824ac6,bf504b229cb8d534eccbaeaa23eba34c05131e25)`	affected	code_commit	—
`06724a60cfa9767ea90b0f5d3dfb5cdd251b64f5`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`7.0-rc1`	affected	semver	—
`[0,7.0-rc1)`	unaffected	generic	—
`[6.1.167,6.2.0)`	unaffected	semver	—
`[6.6.130,6.7.0)`	unaffected	semver	—
`[6.12.78,6.13.0)`	unaffected	semver	—
`[6.18.20,6.19.0)`	unaffected	semver	—
`[6.19.10,6.20.0)`	unaffected	semver	—
`[7.0-rc5,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the kernel to the latest version supplied by your distribution that includes the acpi_processor_errata_piix4 fix.
Reboot the system to load the updated kernel and fully apply the fix.
If the available distribution kernels are outdated, obtain the upstream patch that resolves the use‑after‑free and integrate or backport it to the installed kernel.

Generated by OpenCVE AI on April 29, 2026 at 03:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00015.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/2e369ba9eb7b8a06e9cc35a3e7fe73e59272f8c2
https://git.kernel.org/stable/c/68408e8f9e366ad9850a66ac65cb569f13bf6cd4
https://git.kernel.org/stable/c/8583f62259e1b315d5239371adfb36939cdab741
https://git.kernel.org/stable/c/98473309a36acc271009b85e0bb53a4c0dddf5c2
https://git.kernel.org/stable/c/bf504b229cb8d534eccbaeaa23eba34c05131e25
https://git.kernel.org/stable/c/e0c470049344e9346fff79d7e2362212c216665e
https://git.kernel.org/stable/c/edf4c2aaee08e8fd503fbae705c801e92a0b55d7
https://lore.kernel.org/linux-cve-announce/2026040314-CVE-2026-23443-19e2@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-23443
https://www.cve.org/CVERecord?id=CVE-2026-23443

History

Wed, 29 Apr 2026 02:15:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-416

Thu, 23 Apr 2026 21:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-476
CPEs		cpe:2.3:o:linux:linux_kernel:5.15.202:::::::*
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Sat, 18 Apr 2026 09:15:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/68408e8f9e366ad9850a66ac65cb569f13bf6cd4

Sat, 04 Apr 2026 01:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2026040314-CVE-2026-23443-19e2@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-23443 https://www.cve.org/CVERecord?id=CVE-2026-23443

Fri, 03 Apr 2026 21:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-416

Fri, 03 Apr 2026 16:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: Fix previous acpi_processor_errata_piix4() fix After commi f132e089fe89 ("ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4()"), device pointers may be dereferenced after dropping references to the device objects pointed to by them, which may cause a use-after-free to occur. Moreover, debug messages about enabling the errata may be printed if the errata flags corresponding to them are unset. Address all of these issues by moving message printing to the points in the code where the errata flags are set.
Title		ACPI: processor: Fix previous acpi_processor_errata_piix4() fix
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/2e369ba9eb7b8a06e9cc35a3e7fe73e59272f8c2 https://git.kernel.org/stable/c/8583f62259e1b315d5239371adfb36939cdab741 https://git.kernel.org/stable/c/98473309a36acc271009b85e0bb53a4c0dddf5c2 https://git.kernel.org/stable/c/bf504b229cb8d534eccbaeaa23eba34c05131e25 https://git.kernel.org/stable/c/e0c470049344e9346fff79d7e2362212c216665e https://git.kernel.org/stable/c/edf4c2aaee08e8fd503fbae705c801e92a0b55d7

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-04-03T15:15:27.698Z

Updated: 2026-05-11T22:07:00.396Z

Reserved: 2026-01-13T15:37:46.018Z

Link: CVE-2026-23443

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-04-03T16:16:28.573

Modified: 2026-04-23T20:58:48.307

Link: CVE-2026-23443

Redhat

Severity :

Publid Date: 2026-04-03T00:00:00Z

Links: CVE-2026-23443 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-29T03:30:15Z

Weaknesses

CWE-476

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object