FKIE_CVE-2023-54279

Vulnerability from fkie_nvd - Published: 2025-12-30 13:16 - Updated: 2026-04-15 00:35
Severity
Summary
In the Linux kernel, the following vulnerability has been resolved: MIPS: fw: Allow firmware to pass a empty env fw_getenv will use env entry to determine style of env, however it is legal for firmware to just pass a empty list. Check if first entry exist before running strchr to avoid null pointer dereference.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/0f91290774c798199ba4b8df93de5c3156b5163d
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/3ef93b7bd9e042db240843f24a80e14da38c6830
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/47e61cadc7a5f3dffd42d2d6fda81be163f1ab82
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/830181ddced5a05a711dc9da8043203b1f33a77e
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a6b54af407873227caef6262e992f5422cdcb6ae
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ad79828f133e98585ab2236cad04a55eb7141bbe
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/aeed787bbbbe1b842beec9a065a36c915226f704
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ee1809ed7bc456a72dc8410b475b73021a3a68d5
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f334b31625683418aaa2a335470eec950a95a254
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nMIPS: fw: Allow firmware to pass a empty env\n\nfw_getenv will use env entry to determine style of env,\nhowever it is legal for firmware to just pass a empty list.\n\nCheck if first entry exist before running strchr to avoid\nnull pointer dereference."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nMIPS: fw: Permitir que el firmware pase un \u0027env\u0027 vac\u00edo\n\nfw_getenv utilizar\u00e1 la entrada \u0027env\u0027 para determinar el estilo del \u0027env\u0027, sin embargo, es legal que el firmware simplemente pase una lista vac\u00eda.\n\nComprobar si la primera entrada existe antes de ejecutar strchr para evitar la desreferencia de puntero nulo."
    }
  ],
  "id": "CVE-2023-54279",
  "lastModified": "2026-04-15T00:35:42.020",
  "metrics": {},
  "published": "2025-12-30T13:16:16.860",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/0f91290774c798199ba4b8df93de5c3156b5163d"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/3ef93b7bd9e042db240843f24a80e14da38c6830"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/47e61cadc7a5f3dffd42d2d6fda81be163f1ab82"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/830181ddced5a05a711dc9da8043203b1f33a77e"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/a6b54af407873227caef6262e992f5422cdcb6ae"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/ad79828f133e98585ab2236cad04a55eb7141bbe"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/aeed787bbbbe1b842beec9a065a36c915226f704"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/ee1809ed7bc456a72dc8410b475b73021a3a68d5"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/f334b31625683418aaa2a335470eec950a95a254"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Deferred"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.