CVE-2026-43313

ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4()

Assigner: Linux
Reserved: 01.05.2026 Published: 08.05.2026 Updated: 09.05.2026

In the Linux kernel, the following vulnerability has been resolved:

ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4()

In acpi_processor_errata_piix4(), the pointer dev is first assigned an IDE device and then reassigned an ISA device:

dev = pci_get_subsys(..., PCI_DEVICE_ID_INTEL_82371AB, ...); dev = pci_get_subsys(..., PCI_DEVICE_ID_INTEL_82371AB_0, ...);

If the first lookup succeeds but the second fails, dev becomes NULL. This leads to a potential null-pointer dereference when dev_dbg() is called:

if (errata.piix4.bmisx) dev_dbg(&dev->dev, ...);

To prevent this, use two temporary pointers and retrieve each device independently, avoiding overwriting dev with a possible NULL value.

[ rjw: Subject adjustment, added an empty code line ]

Product Status

Vendor	Linux
Product	Linux
Versions	Default: unaffected affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 06724a60cfa9767ea90b0f5d3dfb5cdd251b64f5 (excl.) affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to ad86ac604f8391c0212a91412d4f764c7a85f254 (excl.) affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 01e8751b37a366b1ca561add0042f2ceb18c03bf (excl.) affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to b803811485ac0b2f774b6bf3abc8b999ba3b7033 (excl.) affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 29f60d3d06818d40118a30d663231f027ae87a05 (excl.) affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 0398b641be2b66c2fc7e0163c606ef19372e7ad5 (excl.) affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to f132e089fe89cadc2098991f0a3cb05c3f824ac6 (excl.)

Vendor

Linux

Product

Linux

Versions

Default: unaffected

affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 06724a60cfa9767ea90b0f5d3dfb5cdd251b64f5 (excl.)
affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to ad86ac604f8391c0212a91412d4f764c7a85f254 (excl.)
affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 01e8751b37a366b1ca561add0042f2ceb18c03bf (excl.)
affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to b803811485ac0b2f774b6bf3abc8b999ba3b7033 (excl.)
affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 29f60d3d06818d40118a30d663231f027ae87a05 (excl.)
affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 0398b641be2b66c2fc7e0163c606ef19372e7ad5 (excl.)
affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to f132e089fe89cadc2098991f0a3cb05c3f824ac6 (excl.)

Vendor	Linux
Product	Linux
Versions	Default: affected Version 2.6.12 is affected unaffected from 0 to 2.6.12 (excl.) unaffected from 5.15.202 to 5.15.* (incl.) unaffected from 6.1.165 to 6.1.* (incl.) unaffected from 6.6.128 to 6.6.* (incl.) unaffected from 6.12.75 to 6.12.* (incl.) unaffected from 6.18.16 to 6.18.* (incl.) unaffected from 6.19.6 to 6.19.* (incl.) unaffected from 7.0 to * (incl.)

Vendor

Linux

Product

Linux

Versions

Default: affected

References

CVE-2026-43313 PUBLISHED