CVE-2026-45982 - Vulnerability Details

- ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch()

Description

In the Linux kernel, the following vulnerability has been resolved:

ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch()

Cover a missed execution path with a new check.

Published: 2026-05-27

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability is a NULL pointer dereference that occurs when the Linux kernel's ACPI event handler processes certain address space dispatches. It was uncovered along a missed execution path and has been fixed by adding a defensive check. The flaw causes the kernel to attempt to read or write through a null reference, resulting in a crash and a denial of service for the affected system.

Affected Systems

This issue affects the Linux kernel across all operating systems that include the vulnerable ACPI driver code. While the CVE list does not specify individual releases, any kernel version before the patch is potentially vulnerable, so all recent kernels before the update remain at risk.

Risk and Exploitability

The CVSS score of 5.5 and the EPSS score are not available, indicating that official severity metrics are incomplete. The CVE description does not provide details about how the fault can be triggered or what input would cause the dereference. Consequently, the attack vector is not explicitly defined in the provided information, and any assessment of exploitation likelihood must remain uncertain. The vulnerability is not listed in the CISA KEV catalog.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`0acf24ad7e10f547809faefb8069f8f5482eb4d9`	affected	< 7d99cbe717c1b15a66559215df32312d8cf7e525
`0acf24ad7e10f547809faefb8069f8f5482eb4d9`	affected	< f2cf475d23b8486dfa414f7ac09f918ffd3c32a5
`0acf24ad7e10f547809faefb8069f8f5482eb4d9`	affected	< cce354524da4d10fd2c7eb835e2e4e8ab8c0ce97
`0acf24ad7e10f547809faefb8069f8f5482eb4d9`	affected	< b24595b86920911d2b04f862422b896a0620e9ad
`0acf24ad7e10f547809faefb8069f8f5482eb4d9`	affected	< 56024dbe8c76cff22f53ba81a95d9efd4d0c9c44
`0acf24ad7e10f547809faefb8069f8f5482eb4d9`	affected	< f851e03bce968ff9b3faad1b616062e1244fd38d

Linux

affected

Version	Status	Constraints
`5.17`	affected	—
`0`	unaffected	< 5.17
`6.1.165`	unaffected	≤ 6.1.*
`6.6.128`	unaffected	≤ 6.6.*
`6.12.75`	unaffected	≤ 6.12.*
`6.18.14`	unaffected	≤ 6.18.*
`6.19.4`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[0acf24ad7e10f547809faefb8069f8f5482eb4d9,7d99cbe717c1b15a66559215df32312d8cf7e525)`	affected	code_commit	—
`[0acf24ad7e10f547809faefb8069f8f5482eb4d9,f2cf475d23b8486dfa414f7ac09f918ffd3c32a5)`	affected	code_commit	—
`[0acf24ad7e10f547809faefb8069f8f5482eb4d9,cce354524da4d10fd2c7eb835e2e4e8ab8c0ce97)`	affected	code_commit	—
`[0acf24ad7e10f547809faefb8069f8f5482eb4d9,b24595b86920911d2b04f862422b896a0620e9ad)`	affected	code_commit	—
`[0acf24ad7e10f547809faefb8069f8f5482eb4d9,56024dbe8c76cff22f53ba81a95d9efd4d0c9c44)`	affected	code_commit	—
`[0acf24ad7e10f547809faefb8069f8f5482eb4d9,f851e03bce968ff9b3faad1b616062e1244fd38d)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`5.17`	affected	semver	—
`[0,5.17)`	unaffected	generic	—
`[6.1.165,6.2.0)`	unaffected	semver	—
`[6.6.128,6.7.0)`	unaffected	semver	—
`[6.12.75,6.13.0)`	unaffected	semver	—
`[6.18.14,6.19.0)`	unaffected	semver	—
`[6.19.4,7.0.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest stable Linux kernel update that includes the ACPI patch
If an urgent kernel update is not possible, add the acpi=off parameter to the kernel boot line to disable ACPI processing
If ACPI is required, restrict ACPI access by setting acpi=force or using the acpi=off flag for noncritical subsystems
Continuously monitor system logs for ACPI errors or kernel panics that might indicate exploitation attempts

Generated by OpenCVE AI on May 28, 2026 at 02:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0013.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/56024dbe8c76cff22f53ba81a95d9efd4d0c9c44
https://git.kernel.org/stable/c/7d99cbe717c1b15a66559215df32312d8cf7e525
https://git.kernel.org/stable/c/b24595b86920911d2b04f862422b896a0620e9ad
https://git.kernel.org/stable/c/cce354524da4d10fd2c7eb835e2e4e8ab8c0ce97
https://git.kernel.org/stable/c/f2cf475d23b8486dfa414f7ac09f918ffd3c32a5
https://git.kernel.org/stable/c/f851e03bce968ff9b3faad1b616062e1244fd38d
https://lore.kernel.org/linux-cve-announce/2026052738-CVE-2026-45982-0555@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-45982
https://www.cve.org/CVERecord?id=CVE-2026-45982

History

Thu, 28 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2026052738-CVE-2026-45982-0555@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-45982 https://www.cve.org/CVERecord?id=CVE-2026-45982
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Wed, 27 May 2026 21:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-476

Wed, 27 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch() Cover a missed execution path with a new check.
Title		ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/56024dbe8c76cff22f53ba81a95d9efd4d0c9c44 https://git.kernel.org/stable/c/7d99cbe717c1b15a66559215df32312d8cf7e525 https://git.kernel.org/stable/c/b24595b86920911d2b04f862422b896a0620e9ad https://git.kernel.org/stable/c/cce354524da4d10fd2c7eb835e2e4e8ab8c0ce97 https://git.kernel.org/stable/c/f2cf475d23b8486dfa414f7ac09f918ffd3c32a5 https://git.kernel.org/stable/c/f851e03bce968ff9b3faad1b616062e1244fd38d

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-27T12:18:40.822Z

Updated: 2026-05-27T12:18:40.822Z

Reserved: 2026-05-13T15:03:33.090Z

Link: CVE-2026-45982

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-27T14:17:15.383

Modified: 2026-06-17T10:52:50.607

Link: CVE-2026-45982

Redhat

Severity : Low

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-45982 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-28T02:45:05Z

Weaknesses

CWE-476
NULL Pointer Dereference

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object