SB2026040692 - Use-after-free in Linux kernel acpi driver
Published: April 6, 2026
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2026-23443)
The vulnerability allows a local attacker to cause a denial of service.
The vulnerability exists due to a use-after-free in acpi_processor_errata_piix4() when handling device objects. A local attacker can trigger the vulnerable code path to cause a denial of service.
The issue occurs because device pointers may be dereferenced after references to the corresponding device objects have been dropped.
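The ordering problem described above, modeled in user space as an added example (not the kernel's code and not taken from the fix commits). The names `dev_obj`, `dev_get`, `dev_put` and the poison byte are hypothetical stand-ins, and a static slot replaces real allocation so the stale read is observable without undefined behaviour.

```c
/* User-space model of a reference-lifetime bug; hypothetical names, not kernel code. */
#include <stdio.h>
#include <string.h>

#define POISON 0x6b  /* constructed poison byte written on release */

struct dev_obj {
    int refcount;
    unsigned char revision;   /* field the caller wants to read */
};

/* Static slot instead of malloc/free so the stale read is defined behaviour. */
static struct dev_obj slot;

static struct dev_obj *dev_get(unsigned char revision)
{
    slot.refcount = 1;
    slot.revision = revision;
    return &slot;
}

/* Drop a reference; the last put "frees" the object by poisoning it. */
static void dev_put(struct dev_obj *d)
{
    if (--d->refcount == 0)
        memset(d, POISON, sizeof(*d));
}

/* Buggy order: reference dropped first, pointer used afterwards. */
int read_revision_buggy(unsigned char revision)
{
    struct dev_obj *d = dev_get(revision);
    dev_put(d);
    return d->revision;          /* stale read: sees poison, not the value */
}

/* Fixed order: finish every access, then drop the reference. */
int read_revision_fixed(unsigned char revision)
{
    struct dev_obj *d = dev_get(revision);
    int rev = d->revision;
    dev_put(d);
    return rev;
}

int main(void)
{
    printf("buggy=0x%02x fixed=0x%02x\n", read_revision_buggy(3), read_revision_fixed(3));
    return 0;
}
```

In a real kernel the released object's memory can be reused by another allocation, so the stale access may read unrelated data or fault rather than return a recognizable poison value.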
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/2e369ba9eb7b8a06e9cc35a3e7fe73e59272f8c2
- https://git.kernel.org/stable/c/8583f62259e1b315d5239371adfb36939cdab741
- https://git.kernel.org/stable/c/98473309a36acc271009b85e0bb53a4c0dddf5c2
- https://git.kernel.org/stable/c/bf504b229cb8d534eccbaeaa23eba34c05131e25
- https://git.kernel.org/stable/c/e0c470049344e9346fff79d7e2362212c216665e
- https://git.kernel.org/stable/c/edf4c2aaee08e8fd503fbae705c801e92a0b55d7