VYPR
Medium severity5.5NVD Advisory· Published May 8, 2026· Updated May 15, 2026

CVE-2026-43313

CVE-2026-43313

Description

In the Linux kernel, the following vulnerability has been resolved:

ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4()

In acpi_processor_errata_piix4(), the pointer dev is first assigned an IDE device and then reassigned an ISA device:

dev = pci_get_subsys(..., PCI_DEVICE_ID_INTEL_82371AB, ...); dev = pci_get_subsys(..., PCI_DEVICE_ID_INTEL_82371AB_0, ...);

If the first lookup succeeds but the second fails, dev becomes NULL. This leads to a potential null-pointer dereference when dev_dbg() is called:

if (errata.piix4.bmisx) dev_dbg(&dev->dev, ...);

To prevent this, use two temporary pointers and retrieve each device independently, avoiding overwriting dev with a possible NULL value.

[ rjw: Subject adjustment, added an empty code line ]

Affected products

7
  • Linux/Kernelinferred7 versions
    (expand)+ 6 more
    • (no CPE)
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=2.6.12.1,<5.15.202
    • cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.