GHSA-PX47-FMM9-RXW4

Vulnerability from github – Published: 2026-05-08 15:31 – Updated: 2026-05-15 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4()

In acpi_processor_errata_piix4(), the pointer dev is first assigned an IDE device and then reassigned an ISA device:

dev = pci_get_subsys(..., PCI_DEVICE_ID_INTEL_82371AB, ...); dev = pci_get_subsys(..., PCI_DEVICE_ID_INTEL_82371AB_0, ...);

If the first lookup succeeds but the second fails, dev becomes NULL. This leads to a potential null-pointer dereference when dev_dbg() is called:

if (errata.piix4.bmisx) dev_dbg(&dev->dev, ...);

To prevent this, use two temporary pointers and retrieve each device independently, avoiding overwriting dev with a possible NULL value.

[ rjw: Subject adjustment, added an empty code line ]

Severity
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Show details on source website
To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2026-43313"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-08T14:16:39Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4()\n\nIn acpi_processor_errata_piix4(), the pointer dev is first assigned an IDE\ndevice and then reassigned an ISA device:\n\n  dev = pci_get_subsys(..., PCI_DEVICE_ID_INTEL_82371AB, ...);\n  dev = pci_get_subsys(..., PCI_DEVICE_ID_INTEL_82371AB_0, ...);\n\nIf the first lookup succeeds but the second fails, dev becomes NULL. This\nleads to a potential null-pointer dereference when dev_dbg() is called:\n\n  if (errata.piix4.bmisx)\n    dev_dbg(\u0026dev-\u003edev, ...);\n\nTo prevent this, use two temporary pointers and retrieve each device\nindependently, avoiding overwriting dev with a possible NULL value.\n\n[ rjw: Subject adjustment, added an empty code line ]",
  "id": "GHSA-px47-fmm9-rxw4",
  "modified": "2026-05-15T18:30:30Z",
  "published": "2026-05-08T15:31:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43313"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/01e8751b37a366b1ca561add0042f2ceb18c03bf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0398b641be2b66c2fc7e0163c606ef19372e7ad5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/06724a60cfa9767ea90b0f5d3dfb5cdd251b64f5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/29f60d3d06818d40118a30d663231f027ae87a05"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ad86ac604f8391c0212a91412d4f764c7a85f254"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b803811485ac0b2f774b6bf3abc8b999ba3b7033"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f132e089fe89cadc2098991f0a3cb05c3f824ac6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.