CVE-2023-54279 — Linux vulnerability

7 documents6 sources

Severity

5.3MEDIUM

No vector

EPSS

0.0%

top 84.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 30

Description

In the Linux kernel, the following vulnerability has been resolved: MIPS: fw: Allow firmware to pass a empty env fw_getenv will use env entry to determine style of env, however it is legal for firmware to just pass a empty list. Check if first entry exist before running strchr to avoid null pointer dereference.

Affected Packages4 packages

▶Linuxlinux/linux_kernel3.10.0 — 4.14.315+7

▶Debianlinux/linux_kernel< 5.10.191-1+3

▶CVEListV5linux/linux14aecdd419217e041fb5dd2749d11f58503bdf62 — f334b31625683418aaa2a335470eec950a95a254+9

▶debiandebian/linux< linux 6.1.37-1 (bookworm)

🔴Vulnerability Details

OSV

MIPS: fw: Allow firmware to pass a empty env↗2025-12-30

▶

GHSA

GHSA-fp2g-4w3c-p2mv: In the Linux kernel, the following vulnerability has been resolved: MIPS: fw: Allow firmware to pass a empty env fw_getenv will use env entry to det↗2025-12-30

▶

OSV

CVE-2023-54279: In the Linux kernel, the following vulnerability has been resolved: MIPS: fw: Allow firmware to pass a empty env fw_getenv will use env entry to deter↗2025-12-30

▶

📋Vendor Advisories

Red Hat

kernel: MIPS: fw: Allow firmware to pass a empty env↗2025-12-30

▶

Debian

CVE-2023-54279: linux - In the Linux kernel, the following vulnerability has been resolved: MIPS: fw: A...↗2023

▶

🕵️Threat Intelligence

Wiz

CVE-2023-54279 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶