Skip to main content

Linux Kernel EUVDEUVD-2026-32267

| CVE-2026-45982 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-cx9f-vr2h-m23w
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local-only trigger via ACPI subsystem, low-privilege user sufficient, purely availability impact from kernel panic, no data exposure or integrity change.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 16, 2026 - 02:59 vuln.today
CVSS changed
Jun 16, 2026 - 02:52 NVD
5.5 (MEDIUM)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:17 nvd
MEDIUM 5.5
CVE Published
May 27, 2026 - 14:17 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch()

Cover a missed execution path with a new check.

AnalysisAI

NULL pointer dereference in the Linux kernel's ACPICA subsystem crashes the kernel via a missed execution path in acpi_ev_address_space_dispatch(), resulting in a local denial of service. Affected systems run Linux kernel versions tracing back to commit 0acf24ad7e10f547809faefb8069f8f5482eb4d9, spanning multiple stable branches through at least 6.19.x. No public exploit exists and EPSS is negligible at 0.02% (7th percentile), but the high availability impact and wide kernel version coverage make patching prudent for any multi-tenant or availability-sensitive Linux environment.

Technical ContextAI

ACPICA (ACPI Component Architecture) is the reference implementation of the ACPI specification embedded in the Linux kernel, responsible for handling hardware power management and device enumeration. The vulnerable function acpi_ev_address_space_dispatch() manages dispatch callbacks for ACPI address space handlers (e.g., SystemMemory, SystemIO, PCI_Config). CWE-476 (NULL Pointer Dereference) indicates that a code path within this function failed to validate a pointer before dereferencing it, triggering a kernel panic when that path is reached. Affected CPE: cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* across multiple stable branches. The bug was introduced with commit 0acf24ad7e10f547809faefb8069f8f5482eb4d9 and was corrected in six separate stable-branch backport commits.

RemediationAI

The primary fix is to upgrade to a patched kernel version: 6.1.165, 6.6.128, 6.12.75, 6.18.14, 6.19.4, or 7.0, depending on the branch in use. Upstream stable commits are available at the kernel.org stable repository (see references). Distribution-specific packages (Debian, Ubuntu, RHEL, SUSE) will backport these fixes; check your distribution's security advisories. If an immediate kernel upgrade is not feasible, a compensating control is to restrict local user access to the system, reducing the pool of potential attackers to trusted administrators only - note this does not eliminate the vulnerability but raises the bar for exploitation. Disabling ACPI (acpi=off kernel parameter) would prevent triggering the path, but this trade-off is severe: it disables power management and may prevent boot on many systems and is not recommended except in isolated testing environments.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Not-Affected

Share

EUVD-2026-32267 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy