Skip to main content

Linux Kernel EUVDEUVD-2026-28583

| CVE-2026-43313 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-05-08 Linux GHSA-px47-fmm9-rxw4
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 15, 2026 - 19:34 vuln.today
CVSS changed
May 15, 2026 - 17:22 NVD
5.5 (MEDIUM)
Patch available
May 08, 2026 - 14:33 EUVD
CVE Published
May 08, 2026 - 13:11 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4()

In acpi_processor_errata_piix4(), the pointer dev is first assigned an IDE device and then reassigned an ISA device:

dev = pci_get_subsys(..., PCI_DEVICE_ID_INTEL_82371AB, ...); dev = pci_get_subsys(..., PCI_DEVICE_ID_INTEL_82371AB_0, ...);

If the first lookup succeeds but the second fails, dev becomes NULL. This leads to a potential null-pointer dereference when dev_dbg() is called:

if (errata.piix4.bmisx) dev_dbg(&dev->dev, ...);

To prevent this, use two temporary pointers and retrieve each device independently, avoiding overwriting dev with a possible NULL value.

[ rjw: Subject adjustment, added an empty code line ]

AnalysisAI

NULL pointer dereference in Linux kernel ACPI processor module allows local authenticated attackers to crash the system. The flaw occurs in acpi_processor_errata_piix4() when device lookup logic overwrites a valid pointer with NULL, triggering a crash when accessed by dev_dbg(). Vendor-released patches are available across multiple stable kernel branches (5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, 7.0). EPSS exploitation probability is very low (0.02%, 7th percentile), and no public exploit or active exploitation has been identified. The vulnerability requires local access with low privileges (CVSS AV:L/PR:L), making it a lower priority than network-exposed flaws despite the high availability impact.

Technical ContextAI

This vulnerability resides in the Linux kernel ACPI (Advanced Configuration and Power Interface) processor subsystem, specifically in the function acpi_processor_errata_piix4() which handles workarounds for Intel PIIX4 chipset errata. The function uses pci_get_subsys() to locate PCI devices by vendor/device IDs - first searching for PCI_DEVICE_ID_INTEL_82371AB (IDE controller) then PCI_DEVICE_ID_INTEL_82371AB_0 (ISA bridge). The code incorrectly reuses a single pointer variable, allowing the second lookup to overwrite a valid pointer with NULL if the ISA device is not found. When conditional code later dereferences this NULL pointer in dev_dbg(), a kernel NULL pointer dereference (CWE-476) occurs, triggering a kernel panic. This class of vulnerability stems from improper pointer lifecycle management in C code and is particularly dangerous in kernel space where memory errors cannot be isolated. The fix introduces two separate pointer variables to prevent overwriting, ensuring each device reference remains valid throughout its usage scope.

RemediationAI

Apply vendor-released kernel patches immediately for affected branches. Confirmed patched versions include Linux 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, and 7.0. Patches are available from kernel.org git stable repositories at the following commits: b803811485ac for mainline, f132e089fe89 for 6.19.x, 01e8751b37a3 for 6.18.x, 29f60d3d0681 for 6.12.x, 0398b641be2b for 6.6.x, ad86ac604f83 for 6.1.x, and 06724a60cfa9 for 5.15.x (https://git.kernel.org/stable/). For systems that cannot immediately patch, no effective workaround exists since the vulnerable code path is in core ACPI initialization. Disabling ACPI entirely (acpi=off kernel parameter) would prevent the crash but severely degrades system functionality, breaking power management, thermal controls, and CPU frequency scaling - this is not recommended for production. Organizations running legacy PIIX4 hardware should prioritize patching; modern systems are at lower practical risk due to hardware dependency. Verify patch application with kernel version checks (uname -r) matching the patched version numbers above.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-28583 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy