CVE-2026-23062
Unknown Unknown - Not Provided
Off-by-One and Null Pointer Dereference in Linux hp-bioscfg

Publication date: 2026-02-04

Last updated on: 2026-03-13

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro The GET_INSTANCE_ID macro that caused a kernel panic when accessing sysfs attributes: 1. Off-by-one error: The loop condition used '<=' instead of '<', causing access beyond array bounds. Since array indices are 0-based and go from 0 to instances_count-1, the loop should use '<'. 2. Missing NULL check: The code dereferenced attr_name_kobj->name without checking if attr_name_kobj was NULL, causing a null pointer dereference in min_length_show() and other attribute show functions. The panic occurred when fwupd tried to read BIOS configuration attributes: Oops: general protection fault [#1] SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] RIP: 0010:min_length_show+0xcf/0x1d0 [hp_bioscfg] Add a NULL check for attr_name_kobj before dereferencing and corrects the loop boundary to match the pattern used elsewhere in the driver.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-04
Last Modified
2026-03-13
Generated
2026-06-16
AI Q&A
2026-02-04
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23062
EUVD
EUVD-2026-5482
Affected Vendors & Products
Showing 9 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel From 6.7 (inc) to 6.12.68 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.8 (exc)
linux linux_kernel 6.19
linux linux_kernel From 6.6 (inc) to 6.6.122 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel component platform/x86: hp-bioscfg. It is caused by two programming errors in the GET_INSTANCE_ID macro that leads to a kernel panic when accessing sysfs attributes.

  • An off-by-one error in a loop condition that uses '<=' instead of '<', causing the code to access beyond the bounds of an array.
  • A missing NULL pointer check before dereferencing attr_name_kobj->name, which can cause a null pointer dereference in functions like min_length_show().

These issues cause a general protection fault (kernel panic) when the firmware update daemon (fwupd) tries to read BIOS configuration attributes.

Impact Analysis

This vulnerability can cause the Linux kernel to panic (crash) when certain BIOS configuration attributes are accessed, specifically when fwupd attempts to read them.

A kernel panic results in a system crash, which can lead to downtime, loss of unsaved data, and potential disruption of services running on the affected system.

Compliance Impact

I don't know

Detection Guidance

This vulnerability causes a kernel panic related to the GET_INSTANCE_ID macro in the hp-bioscfg driver when accessing sysfs attributes. Detection can focus on identifying kernel panic logs or oops messages indicating a general protection fault or null pointer dereference in the hp_bioscfg module.

  • Check kernel logs for panic or oops messages related to hp_bioscfg or min_length_show, for example using: dmesg | grep -i 'hp_bioscfg'
  • Look for general protection faults or null pointer dereference errors in kernel logs: dmesg | grep -E 'general protection fault|null-ptr-deref'
  • Monitor sysfs attribute accesses related to BIOS configuration that might trigger the issue, though no specific commands are provided.
Mitigation Strategies

Immediate mitigation involves applying the patch that fixes the off-by-one error and adds the missing NULL check in the hp-bioscfg driver. Until the patch is applied, avoid triggering BIOS configuration attribute reads that cause the kernel panic.

  • Update the Linux kernel to a version that includes the fix for this vulnerability.
  • Avoid using fwupd or other tools that read BIOS configuration attributes via hp-bioscfg until the fix is applied.
  • Monitor system stability and kernel logs for signs of the panic to respond quickly.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23062. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart