CVE-2026-43313 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4() In acpi_processor_errata_piix4(), the pointer dev is first assigned an IDE device and then reassigned an ISA device: dev = pci_get_subsys(..., PCI_DEVICE_ID_INTEL_82371AB, ...); dev = pci_get_subsys(..., PCI_DEVICE_ID_INTEL_82371AB_0, ...); If the first lookup succeeds but the second fails, dev becomes NULL. This leads to a potential null-pointer dereference when dev_dbg() is called: if (errata.piix4.bmisx) dev_dbg(&dev->dev, ...); To prevent this, use two temporary pointers and retrieve each device independently, avoiding overwriting dev with a possible NULL value. [ rjw: Subject adjustment, added an empty code line ]

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Linux	Linux Kernel

References

Link	Providers
https://git.kernel.org/stable/c/01e8751b37a366b1ca561add0042f2ceb18c03bf
https://git.kernel.org/stable/c/0398b641be2b66c2fc7e0163c606ef19372e7ad5
https://git.kernel.org/stable/c/06724a60cfa9767ea90b0f5d3dfb5cdd251b64f5
https://git.kernel.org/stable/c/29f60d3d06818d40118a30d663231f027ae87a05
https://git.kernel.org/stable/c/ad86ac604f8391c0212a91412d4f764c7a85f254
https://git.kernel.org/stable/c/b803811485ac0b2f774b6bf3abc8b999ba3b7033
https://git.kernel.org/stable/c/f132e089fe89cadc2098991f0a3cb05c3f824ac6

History

Fri, 08 May 2026 15:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-476

Fri, 08 May 2026 13:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4() In acpi_processor_errata_piix4(), the pointer dev is first assigned an IDE device and then reassigned an ISA device: dev = pci_get_subsys(..., PCI_DEVICE_ID_INTEL_82371AB, ...); dev = pci_get_subsys(..., PCI_DEVICE_ID_INTEL_82371AB_0, ...); If the first lookup succeeds but the second fails, dev becomes NULL. This leads to a potential null-pointer dereference when dev_dbg() is called: if (errata.piix4.bmisx) dev_dbg(&dev->dev, ...); To prevent this, use two temporary pointers and retrieve each device independently, avoiding overwriting dev with a possible NULL value. [ rjw: Subject adjustment, added an empty code line ]
Title		ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/01e8751b37a366b1ca561add0042f2ceb18c03bf https://git.kernel.org/stable/c/0398b641be2b66c2fc7e0163c606ef19372e7ad5 https://git.kernel.org/stable/c/06724a60cfa9767ea90b0f5d3dfb5cdd251b64f5 https://git.kernel.org/stable/c/29f60d3d06818d40118a30d663231f027ae87a05 https://git.kernel.org/stable/c/ad86ac604f8391c0212a91412d4f764c7a85f254 https://git.kernel.org/stable/c/b803811485ac0b2f774b6bf3abc8b999ba3b7033 https://git.kernel.org/stable/c/f132e089fe89cadc2098991f0a3cb05c3f824ac6

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-08T13:11:30.386Z

Updated: 2026-05-08T13:11:30.386Z

Reserved: 2026-05-01T14:12:56.001Z

Link: CVE-2026-43313

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-08T14:16:39.710

Modified: 2026-05-08T14:16:39.710

Link: CVE-2026-43313

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-08T15:45:08Z

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object