CVE-2026-43313
Published: May 9, 2026Last modified: May 9, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4() In acpi_processor_errata_piix4(), the pointer dev is first assigned an IDE device and then reassigned an ISA device: dev = pci_get_subsys(..., PCI_DEVICE_ID_INTEL_82371AB, ...); dev = pci_get_subsys(..., PCI_DEVICE_ID_INTEL_82371AB_0, ...); If the first lookup succeeds but the second fails, dev becomes NULL. This leads to a potential null-pointer dereference when dev_dbg() is called: if (errata.piix4.bmisx) dev_dbg(&dev->dev, ...); To prevent this, use two temporary pointers and retrieve each device independently, avoiding overwriting dev with a possible NULL value. [ rjw: Subject adjustment, added an empty code line ]
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.5 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity impact | NONE |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Fixed (6.1.167-r0) |
| 25 LTS | linux-lts | Fixed (6.12.80-r0) | |
| Stream | linux-lts | Fixed (6.12.76-r0) |
References
- https://git.kernel.org/stable/c/01e8751b37a366b1ca561add0042f2ceb18c03bf
- https://git.kernel.org/stable/c/0398b641be2b66c2fc7e0163c606ef19372e7ad5
- https://git.kernel.org/stable/c/06724a60cfa9767ea90b0f5d3dfb5cdd251b64f5
- https://git.kernel.org/stable/c/29f60d3d06818d40118a30d663231f027ae87a05
- https://git.kernel.org/stable/c/ad86ac604f8391c0212a91412d4f764c7a85f254
- https://git.kernel.org/stable/c/b803811485ac0b2f774b6bf3abc8b999ba3b7033
- https://git.kernel.org/stable/c/f132e089fe89cadc2098991f0a3cb05c3f824ac6