Skip to main content

Linux CVE-2026-23443

| EUVDEUVD-2026-18686 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-04-03 Linux
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
Apr 23, 2026 - 21:11 NVD
5.5 (MEDIUM)
Patch available
Apr 16, 2026 - 05:29 EUVD
2e369ba9eb7b8a06e9cc35a3e7fe73e59272f8c2,8583f62259e1b315d5239371adfb36939cdab741,98473309a36acc271009b85e0bb53a4c0dddf5c2
EUVD ID Assigned
Apr 03, 2026 - 15:30 euvd
EUVD-2026-18686
Analysis Generated
Apr 03, 2026 - 15:30 vuln.today
CVE Published
Apr 03, 2026 - 15:15 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

ACPI: processor: Fix previous acpi_processor_errata_piix4() fix

After commi f132e089fe89 ("ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4()"), device pointers may be dereferenced after dropping references to the device objects pointed to by them, which may cause a use-after-free to occur.

Moreover, debug messages about enabling the errata may be printed if the errata flags corresponding to them are unset.

Address all of these issues by moving message printing to the points in the code where the errata flags are set.

AnalysisAI

Use-after-free vulnerability in Linux kernel ACPI processor errata handling allows local attackers to cause denial of service or potentially execute code via device pointer dereference after reference dropping in acpi_processor_errata_piix4(). The vulnerability affects multiple Linux kernel versions and was introduced in a previous fix attempt (commit f132e089fe89); it has been resolved across stable kernel branches with no active public exploitation identified.

Technical ContextAI

The vulnerability resides in the ACPI (Advanced Configuration and Power Interface) processor subsystem of the Linux kernel, specifically in the acpi_processor_errata_piix4() function which handles errata workarounds for Intel PIIX4 chipsets. The root cause is a use-after-free condition (CWE-416) where device object pointers are dereferenced after their reference counts are dropped via device_put() calls, potentially causing access to freed memory. Additionally, the original fix introduced a logic error where debug messages about enabling errata flags are printed even when the corresponding errata conditions are unset, representing an information disclosure issue. The affected code path is triggered during ACPI processor initialization on systems with affected Intel PIIX4 chipsets (identified via CPE cpe:2.3:a:linux:linux). The fix involves reordering operations to print messages only after errata flags are confirmed set and before device references are released.

RemediationAI

Vendor-released patches are available across Linux kernel stable branches. Users should update their kernel to the version containing one of the following commit hashes depending on their kernel series: 2e369ba9eb7b8a06e9cc35a3e7fe73e59272f8c2 (available at https://git.kernel.org/stable/c/2e369ba9eb7b8a06e9cc35a3e7fe73e59272f8c2), edf4c2aaee08e8fd503fbae705c801e92a0b55d7, e0c470049344e9346fff79d7e2362212c216665e, 98473309a36acc271009b85e0bb53a4c0dddf5c2, 8583f62259e1b315d5239371adfb36939cdab741, or bf504b229cb8d534eccbaeaa23eba34c05131e25. Administrators should check their Linux distribution's kernel security advisories to identify the exact patched kernel version corresponding to their release series and apply the update via standard package management tools (apt, yum, zypper, etc.). No temporary workaround is applicable as this requires kernel code modification; systems should prioritize timely patching to prevent potential use-after-free exploitation.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-23443 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy