
CVE-2026-23062

In the Linux kernel, the following vulnerability has been resolved:

platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro

The GET_INSTANCE_ID macro caused a kernel panic when accessing sysfs
attributes:

1. Off-by-one error: The loop condition used '<=' instead of '<',
   causing access beyond array bounds. Since array indices are 0-based
   and go from 0 to instances_count-1, the loop should use '<'.

2. Missing NULL check: The code dereferenced attr_name_kobj->name
   without checking if attr_name_kobj was NULL, causing a null pointer
   dereference in min_length_show() and other attribute show functions.

The panic occurred when fwupd tried to read BIOS configuration attributes:

  Oops: general protection fault [#1] SMP KASAN NOPTI
  KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
  RIP: 0010:min_length_show+0xcf/0x1d0 [hp_bioscfg]

Add a NULL check for attr_name_kobj before dereferencing and correct
the loop boundary to match the pattern used elsewhere in the driver.
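
The two defects described above, modelled in user-space C as an added example; this is not the hp-bioscfg driver's source. The struct shapes, the strcmp-based name match, the -1 return value and the sample attribute names are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Simplified user-space stand-ins for the kernel objects (assumed shapes). */
struct kobj_model { const char *name; };
struct instance_model { struct kobj_model *attr_name_kobj; };

/* Pattern described as vulnerable: '<=' visits index 'count', one past the
 * last valid element, and attr_name_kobj is dereferenced unchecked.
 * Kept only for side-by-side reading; calling it is undefined behaviour. */
int lookup_vulnerable(const struct instance_model *data, int count,
                      const struct kobj_model *kobj)
{
    for (int i = 0; i <= count; i++)
        if (!strcmp(kobj->name, data[i].attr_name_kobj->name))
            return i;
    return -1;
}

/* Hardened pattern: strict '<' bound (valid indices are 0..count-1) and a
 * NULL check on attr_name_kobj before its name is read. */
int lookup_fixed(const struct instance_model *data, int count,
                 const struct kobj_model *kobj)
{
    for (int i = 0; i < count; i++)
        if (data[i].attr_name_kobj &&
            !strcmp(kobj->name, data[i].attr_name_kobj->name))
            return i;
    return -1;
}

/* Constructed sample table: slot 1 has a NULL attr_name_kobj. A lookup for
 * an absent name walks the whole table, which is the case where the '<='
 * bound would read past the end. */
int demo_lookup(const char *wanted)
{
    struct kobj_model a = { "attr_a" }, c = { "attr_c" };
    struct instance_model table[3] = { { &a }, { NULL }, { &c } };
    struct kobj_model query = { wanted };

    return lookup_fixed(table, 3, &query);
}
```
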
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Linux
Product: Linux
Default status: unaffected

Version < eb5ff1025c92117d5d1cc728bcfa294abe484da1
Version 5f94f181ca25d8c5b77beb2da0cb466ddb6ece29
Status affected

Version < eba49c1dee9c5e514ca18e52c545bba524e8a045
Version 5f94f181ca25d8c5b77beb2da0cb466ddb6ece29
Status affected

Version < 193922a23d7294085a47d7719fdb7d66ad0a236f
Version 5f94f181ca25d8c5b77beb2da0cb466ddb6ece29
Status affected

Version < 25150715e0b049b99df664daf05dab12f41c3e13
Version 5f94f181ca25d8c5b77beb2da0cb466ddb6ece29
Status affected

Vendor: Linux
Product: Linux
Default status: affected

Version 6.6
Status affected

Version < 6.6
Version 0
Status unaffected

Version <= 6.6.*
Version 6.6.122
Status unaffected

Version <= 6.12.*
Version 6.12.68
Status unaffected

Version <= 6.18.*
Version 6.18.8
Status unaffected

Version <= *
Version 6.19-rc7
Status unaffected

No CISA KEV or CERT.AT warning was found for this CVE.
No metrics (CVSS, EPSS) have been published for this CVE yet.
No CWE information has been published yet.