Description
In the Linux kernel, the following vulnerability has been resolved:

ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4()

In acpi_processor_errata_piix4(), the pointer dev is first assigned an IDE
device and then reassigned an ISA device:

dev = pci_get_subsys(..., PCI_DEVICE_ID_INTEL_82371AB, ...);
dev = pci_get_subsys(..., PCI_DEVICE_ID_INTEL_82371AB_0, ...);

If the first lookup succeeds but the second fails, dev becomes NULL. This
leads to a potential null-pointer dereference when dev_dbg() is called:

if (errata.piix4.bmisx)
dev_dbg(&dev->dev, ...);

To prevent this, use two temporary pointers and retrieve each device
independently, avoiding overwriting dev with a possible NULL value.

[ rjw: Subject adjustment, added an empty code line ]
Published: 2026-05-08
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A null-pointer dereference occurs in acpi_processor_errata_piix4() when a first device lookup succeeds and a second lookup fails, overwriting the device pointer with NULL and causing dev_dbg() to dereference a NULL pointer. This flaw can trigger a kernel crash, effectively denying service to the system. The weakness is a classic null-pointer dereference.

Affected Systems

The vulnerability affects the Linux kernel, as indicated by the vendor and product names. No specific kernel versions are listed in the CNA data; however, any kernel implementing the defective acpi_processor_errata_piix4() code may be affected. Users running an unpatched kernel should verify whether the code path is enabled.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity. The EPSS score of 0.00032 reflects a very low exploitation probability and the vulnerability is not listed in CISA KEV. Based on the description, it is inferred that an attacker could trigger the flaw by influencing the ACPI device handling path, for example by providing crafted ACPI tables or by initiating a local or remote exploit that drives the system to enumerate the PIIX4 device during boot. The likely attack vector is local or remote access that can affect ACPI enumeration, leading to a potential kernel panic and denial of service rather than privilege escalation or data exfiltration.

Generated by OpenCVE AI on May 15, 2026 at 18:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest stable Linux kernel that includes the acpi_processor_errata_piix4() fix.
  • If a kernel update cannot be performed immediately, disable the offending ACPI errata path (if configurable) or restrict the use of affected ACPI hardware until a patched kernel is available.
  • Continuously monitor system logs and kernel panic data for signs of ACPI‑related crashes, and conduct targeted testing on systems with Intel PIIX4 hardware to confirm that the issue has been mitigated.

Generated by OpenCVE AI on May 15, 2026 at 18:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 15 May 2026 17:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476
CPEs cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*

Sat, 09 May 2026 03:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Sat, 09 May 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Fri, 08 May 2026 15:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Fri, 08 May 2026 13:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4() In acpi_processor_errata_piix4(), the pointer dev is first assigned an IDE device and then reassigned an ISA device: dev = pci_get_subsys(..., PCI_DEVICE_ID_INTEL_82371AB, ...); dev = pci_get_subsys(..., PCI_DEVICE_ID_INTEL_82371AB_0, ...); If the first lookup succeeds but the second fails, dev becomes NULL. This leads to a potential null-pointer dereference when dev_dbg() is called: if (errata.piix4.bmisx) dev_dbg(&dev->dev, ...); To prevent this, use two temporary pointers and retrieve each device independently, avoiding overwriting dev with a possible NULL value. [ rjw: Subject adjustment, added an empty code line ]
Title ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:22:08.644Z

Reserved: 2026-05-01T14:12:56.001Z

Link: CVE-2026-43313

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-08T14:16:39.710

Modified: 2026-05-15T17:09:58.483

Link: CVE-2026-43313

cve-icon Redhat

Severity : Low

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43313 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-15T19:00:07Z

Weaknesses