NULL pointer dereference in Linux kernel - CVE-2026-43313
Published: May 9, 2026
Vulnerability identifier: #VU130870
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-43313
CWE-ID: CWE-476
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a null-pointer dereference in acpi_processor_errata_piix4() when processing PCI device lookups. A local user can trigger the vulnerable code path to cause a denial of service.
How to mitigate CVE-2026-43313
Install the security update from the vendor's repository.
Sources
- https://git.kernel.org/stable/c/01e8751b37a366b1ca561add0042f2ceb18c03bf
- https://git.kernel.org/stable/c/0398b641be2b66c2fc7e0163c606ef19372e7ad5
- https://git.kernel.org/stable/c/06724a60cfa9767ea90b0f5d3dfb5cdd251b64f5
- https://git.kernel.org/stable/c/29f60d3d06818d40118a30d663231f027ae87a05
- https://git.kernel.org/stable/c/ad86ac604f8391c0212a91412d4f764c7a85f254
- https://git.kernel.org/stable/c/b803811485ac0b2f774b6bf3abc8b999ba3b7033
- https://git.kernel.org/stable/c/f132e089fe89cadc2098991f0a3cb05c3f824ac6