CVE-2026-23062
Off-by-One and Null Pointer Dereference in Linux hp-bioscfg
Publication date: 2026-02-04
Last updated on: 2026-03-13
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | From 6.7 (inc) to 6.12.68 (exc) |
| linux | linux_kernel | From 6.13 (inc) to 6.18.8 (exc) |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | From 6.6 (inc) to 6.6.122 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel component platform/x86: hp-bioscfg. It is caused by two programming errors in the GET_INSTANCE_ID macro that leads to a kernel panic when accessing sysfs attributes.
- An off-by-one error in a loop condition that uses '<=' instead of '<', causing the code to access beyond the bounds of an array.
- A missing NULL pointer check before dereferencing attr_name_kobj->name, which can cause a null pointer dereference in functions like min_length_show().
These issues cause a general protection fault (kernel panic) when the firmware update daemon (fwupd) tries to read BIOS configuration attributes.
How can this vulnerability impact me? :
This vulnerability can cause the Linux kernel to panic (crash) when certain BIOS configuration attributes are accessed, specifically when fwupd attempts to read them.
A kernel panic results in a system crash, which can lead to downtime, loss of unsaved data, and potential disruption of services running on the affected system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability causes a kernel panic related to the GET_INSTANCE_ID macro in the hp-bioscfg driver when accessing sysfs attributes. Detection can focus on identifying kernel panic logs or oops messages indicating a general protection fault or null pointer dereference in the hp_bioscfg module.
- Check kernel logs for panic or oops messages related to hp_bioscfg or min_length_show, for example using: dmesg | grep -i 'hp_bioscfg'
- Look for general protection faults or null pointer dereference errors in kernel logs: dmesg | grep -E 'general protection fault|null-ptr-deref'
- Monitor sysfs attribute accesses related to BIOS configuration that might trigger the issue, though no specific commands are provided.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves applying the patch that fixes the off-by-one error and adds the missing NULL check in the hp-bioscfg driver. Until the patch is applied, avoid triggering BIOS configuration attribute reads that cause the kernel panic.
- Update the Linux kernel to a version that includes the fix for this vulnerability.
- Avoid using fwupd or other tools that read BIOS configuration attributes via hp-bioscfg until the fix is applied.
- Monitor system stability and kernel logs for signs of the panic to respond quickly.