CVE-2026-43313 - Vulnerability Details

- ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4()

Description

In the Linux kernel, the following vulnerability has been resolved:

ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4()

In acpi_processor_errata_piix4(), the pointer dev is first assigned an IDE
device and then reassigned an ISA device:

dev = pci_get_subsys(..., PCI_DEVICE_ID_INTEL_82371AB, ...);
dev = pci_get_subsys(..., PCI_DEVICE_ID_INTEL_82371AB_0, ...);

If the first lookup succeeds but the second fails, dev becomes NULL. This
leads to a potential null-pointer dereference when dev_dbg() is called:

if (errata.piix4.bmisx)
dev_dbg(&dev->dev, ...);

To prevent this, use two temporary pointers and retrieve each device
independently, avoiding overwriting dev with a possible NULL value.

[ rjw: Subject adjustment, added an empty code line ]

Published: 2026-05-08

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

A null-pointer dereference occurs in acpi_processor_errata_piix4() when a first device lookup succeeds and a second lookup fails, overwriting the device pointer with NULL and causing dev_dbg() to dereference a NULL pointer. This flaw can trigger a kernel crash, effectively denying service to the system. The weakness is a classic null-pointer dereference (CWE‑476).

Affected Systems

The vulnerability affects the Linux kernel, as indicated by the vendor and product names. No specific kernel versions are listed in the CNA data; however, any kernel implementing the defective acpi_processor_errata_piix4() code may be affected. Users running an unpatched kernel should verify whether the code path is enabled.

Risk and Exploitability

The CVSS score is not provided, and no EPSS value is available, so the exact severity cannot be quantified. The vulnerability is not listed in the CISA KEV catalog. Lack of a public exploit does not preclude risk; the flaw could be triggered by an attacker with local or remote access that can influence ACPI device handling, such as during normal boot or through crafted ACPI tables. The risk is principally a denial-of-service via kernel panic rather than data exfiltration or privilege escalation.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 06724a60cfa9767ea90b0f5d3dfb5cdd251b64f5
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< ad86ac604f8391c0212a91412d4f764c7a85f254
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 01e8751b37a366b1ca561add0042f2ceb18c03bf
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< b803811485ac0b2f774b6bf3abc8b999ba3b7033
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 29f60d3d06818d40118a30d663231f027ae87a05
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 0398b641be2b66c2fc7e0163c606ef19372e7ad5
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< f132e089fe89cadc2098991f0a3cb05c3f824ac6

Linux

affected

Version	Status	Constraints
`5.15.202`	unaffected	≤ 5.15.*
`6.1.165`	unaffected	≤ 6.1.*
`6.6.128`	unaffected	≤ 6.6.*
`6.12.75`	unaffected	≤ 6.12.*
`6.18.16`	unaffected	≤ 6.18.*
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,06724a60cfa9767ea90b0f5d3dfb5cdd251b64f5)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,ad86ac604f8391c0212a91412d4f764c7a85f254)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,01e8751b37a366b1ca561add0042f2ceb18c03bf)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,b803811485ac0b2f774b6bf3abc8b999ba3b7033)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,29f60d3d06818d40118a30d663231f027ae87a05)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,0398b641be2b66c2fc7e0163c606ef19372e7ad5)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,f132e089fe89cadc2098991f0a3cb05c3f824ac6)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[5.15.202,5.16.0)`	unaffected	semver	—
`[6.1.165,6.2.0)`	unaffected	semver	—
`[6.6.128,6.7.0)`	unaffected	semver	—
`[6.12.75,6.13.0)`	unaffected	semver	—
`[6.18.16,6.19.0)`	unaffected	semver	—
`[6.19.6,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest stable Linux kernel that includes the acpi_processor_errata_piix4() fix.
If a kernel update cannot be performed immediately, disable the offending ACPI errata path (if configurable) or restrict the use of affected ACPI hardware until a patched kernel is available.
Continuously monitor system logs and kernel panic data for signs of ACPI‑related crashes, and conduct targeted testing on systems with Intel PIIX4 hardware to confirm that the issue has been mitigated.

Generated by OpenCVE AI on May 8, 2026 at 15:08 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/01e8751b37a366b1ca561add0042f2ceb18c03bf
https://git.kernel.org/stable/c/0398b641be2b66c2fc7e0163c606ef19372e7ad5
https://git.kernel.org/stable/c/06724a60cfa9767ea90b0f5d3dfb5cdd251b64f5
https://git.kernel.org/stable/c/29f60d3d06818d40118a30d663231f027ae87a05
https://git.kernel.org/stable/c/ad86ac604f8391c0212a91412d4f764c7a85f254
https://git.kernel.org/stable/c/b803811485ac0b2f774b6bf3abc8b999ba3b7033
https://git.kernel.org/stable/c/f132e089fe89cadc2098991f0a3cb05c3f824ac6

History

Fri, 08 May 2026 15:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-476

Fri, 08 May 2026 13:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4() In acpi_processor_errata_piix4(), the pointer dev is first assigned an IDE device and then reassigned an ISA device: dev = pci_get_subsys(..., PCI_DEVICE_ID_INTEL_82371AB, ...); dev = pci_get_subsys(..., PCI_DEVICE_ID_INTEL_82371AB_0, ...); If the first lookup succeeds but the second fails, dev becomes NULL. This leads to a potential null-pointer dereference when dev_dbg() is called: if (errata.piix4.bmisx) dev_dbg(&dev->dev, ...); To prevent this, use two temporary pointers and retrieve each device independently, avoiding overwriting dev with a possible NULL value. [ rjw: Subject adjustment, added an empty code line ]
Title		ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/01e8751b37a366b1ca561add0042f2ceb18c03bf https://git.kernel.org/stable/c/0398b641be2b66c2fc7e0163c606ef19372e7ad5 https://git.kernel.org/stable/c/06724a60cfa9767ea90b0f5d3dfb5cdd251b64f5 https://git.kernel.org/stable/c/29f60d3d06818d40118a30d663231f027ae87a05 https://git.kernel.org/stable/c/ad86ac604f8391c0212a91412d4f764c7a85f254 https://git.kernel.org/stable/c/b803811485ac0b2f774b6bf3abc8b999ba3b7033 https://git.kernel.org/stable/c/f132e089fe89cadc2098991f0a3cb05c3f824ac6

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-08T13:11:30.386Z

Updated: 2026-05-08T13:11:30.386Z

Reserved: 2026-05-01T14:12:56.001Z

Link: CVE-2026-43313

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-08T14:16:39.710

Modified: 2026-05-08T14:16:39.710

Link: CVE-2026-43313

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-08T15:45:08Z

Weaknesses

CWE-476

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object