2454856 – (CVE-2026-23443) CVE-2026-23443 kernel: ACPI: processor: Fix previous acpi_processor_errata_piix4() fix

Bug 2454856 (CVE-2026-23443) - CVE-2026-23443 kernel: ACPI: processor: Fix previous acpi_processor_errata_piix4() fix

Summary: CVE-2026-23443 kernel: ACPI: processor: Fix previous acpi_processor_errata_pi...

Keywords:
Status:	NEW
Alias:	CVE-2026-23443
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-04-03 16:04 UTC by OSIDB Bzimport
Modified:	2026-04-03 17:26 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-04-03 16:04:35 UTC

In the Linux kernel, the following vulnerability has been resolved:

ACPI: processor: Fix previous acpi_processor_errata_piix4() fix

After commi f132e089fe89 ("ACPI: processor: Fix NULL-pointer dereference
in acpi_processor_errata_piix4()"), device pointers may be dereferenced
after dropping references to the device objects pointed to by them,
which may cause a use-after-free to occur.

Moreover, debug messages about enabling the errata may be printed
if the errata flags corresponding to them are unset.

Address all of these issues by moving message printing to the points
in the code where the errata flags are set.

Comment 1 Jon Moroney 2026-04-03 17:23:50 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026040314-CVE-2026-23443-19e2@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.