Medium severity5.5NVD Advisory· Published May 8, 2026· Updated May 15, 2026

CVE-2026-43313

Description

In the Linux kernel, the following vulnerability has been resolved:

ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4()

In acpi_processor_errata_piix4(), the pointer dev is first assigned an IDE device and then reassigned an ISA device:

dev = pci_get_subsys(..., PCI_DEVICE_ID_INTEL_82371AB, ...); dev = pci_get_subsys(..., PCI_DEVICE_ID_INTEL_82371AB_0, ...);

If the first lookup succeeds but the second fails, dev becomes NULL. This leads to a potential null-pointer dereference when dev_dbg() is called:

if (errata.piix4.bmisx) dev_dbg(&dev->dev, ...);

To prevent this, use two temporary pointers and retrieve each device independently, avoiding overwriting dev with a possible NULL value.

[ rjw: Subject adjustment, added an empty code line ]

No patches discovered yet.

AI mechanics synthesis has not run for this CVE yet.

No linked articles in our index yet.

MediumCVSS v3.1

5.5/ 10

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Probability of exploitation in the next 30 days.

0.01%

Composite of severity, exploitation, and reach.

0.36medium

CVE-2026-43313