CVE-2026-43313
NULL-pointer Dereference in Linux Kernel ACPI Processor
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's ACPI processor code, specifically in the function acpi_processor_errata_piix4().
Within this function, a pointer named dev is first assigned to an IDE device and then reassigned to an ISA device. If the first assignment succeeds but the second fails, dev becomes NULL.
Later, the code attempts to use dev without checking if it is NULL, leading to a potential NULL-pointer dereference when dev_dbg() is called.
The fix involves using two temporary pointers to retrieve each device independently, preventing dev from being overwritten with a NULL value.
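The overwrite pattern described above, modeled in user space as an added example (not the kernel's code or the actual patch). `struct device`, `get_ide()`, `get_isa()` and both `log_arg_*` functions are hypothetical stand-ins, and the `want` flag is an assumed model of the state that gates the later debug print.

```c
#include <stddef.h>
#include <stdio.h>

/* User-space model with constructed names; not the kernel's code. */
struct device { const char *name; };

static struct device ide_dev = { "ide" };
static struct device isa_dev = { "isa" };

/* Hypothetical lookups: return NULL when the device is absent. */
static struct device *get_ide(int present) { return present ? &ide_dev : NULL; }
static struct device *get_isa(int present) { return present ? &isa_dev : NULL; }

/* Before: one pointer serves both lookups. Returns the pointer the later
 * debug print would dereference; *want says whether that print would run. */
struct device *log_arg_shared(int ide, int isa, int *want)
{
    struct device *dev = get_ide(ide);

    *want = (dev != NULL);        /* assumed: state recorded from the IDE lookup */
    dev = get_isa(isa);           /* overwrites dev, possibly with NULL */
    return dev;
}

/* After: each lookup has its own temporary, so a failed ISA lookup
 * cannot clobber the pointer used for logging. */
struct device *log_arg_split(int ide, int isa, int *want)
{
    struct device *ide_tmp = get_ide(ide);
    struct device *isa_tmp = get_isa(isa);

    *want = (ide_tmp != NULL);
    (void)isa_tmp;                /* ISA-specific work would use this pointer */
    return ide_tmp;
}

int main(void)
{
    int want;
    struct device *d = log_arg_shared(1, 0, &want);

    printf("shared: want=%d dev=%s\n", want, d ? d->name : "(NULL, would oops)");
    d = log_arg_split(1, 0, &want);
    printf("split:  want=%d dev=%s\n", want, d ? d->name : "(NULL)");
    return 0;
}
```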
How can this vulnerability impact me?
A NULL-pointer dereference in kernel code can cause the affected system to crash or become unstable, potentially leading to a denial of service.
Since this occurs in the Linux kernel's ACPI processor handling, it could impact system reliability and availability.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is resolved by a fix to the NULL-pointer dereference in the Linux kernel's ACPI processor code. To mitigate it immediately, update your Linux kernel to a version that includes the fix for CVE-2026-43313.
The fix changes the code to use two temporary pointers to retrieve each device independently, so that a device pointer is no longer overwritten with a NULL value.