Description
In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4() In acpi_processor_errata_piix4(), the pointer dev is first assigned an IDE device and then reassigned an ISA device: dev = pci_get_subsys(..., PCI_DEVICE_ID_INTEL_82371AB, ...); dev = pci_get_subsys(..., PCI_DEVICE_ID_INTEL_82371AB_0, ...); If the first lookup succeeds but the second fails, dev becomes NULL. This leads to a potential null-pointer dereference when dev_dbg() is called: if (errata.piix4.bmisx) dev_dbg(&dev->dev, ...); To prevent this, use two temporary pointers and retrieve each device independently, avoiding overwriting dev with a possible NULL value. [ rjw: Subject adjustment, added an empty code line ]
Product status
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 06724a60cfa9767ea90b0f5d3dfb5cdd251b64f5
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before ad86ac604f8391c0212a91412d4f764c7a85f254
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 01e8751b37a366b1ca561add0042f2ceb18c03bf
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before b803811485ac0b2f774b6bf3abc8b999ba3b7033
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 29f60d3d06818d40118a30d663231f027ae87a05
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 0398b641be2b66c2fc7e0163c606ef19372e7ad5
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before f132e089fe89cadc2098991f0a3cb05c3f824ac6
5.15.202 (semver)
6.1.165 (semver)
6.6.128 (semver)
6.12.75 (semver)
6.18.16 (semver)
6.19.6 (semver)
7.0 (original_commit_for_fix)
References
git.kernel.org/...c/06724a60cfa9767ea90b0f5d3dfb5cdd251b64f5
git.kernel.org/...c/ad86ac604f8391c0212a91412d4f764c7a85f254
git.kernel.org/...c/01e8751b37a366b1ca561add0042f2ceb18c03bf
git.kernel.org/...c/b803811485ac0b2f774b6bf3abc8b999ba3b7033
git.kernel.org/...c/29f60d3d06818d40118a30d663231f027ae87a05
git.kernel.org/...c/0398b641be2b66c2fc7e0163c606ef19372e7ad5
git.kernel.org/...c/f132e089fe89cadc2098991f0a3cb05c3f824ac6