CVE-2023-54279 (GCVE-0-2023-54279)

Vulnerability from cvelistv5 – Published: 2025-12-30 12:16 – Updated: 2026-05-11 19:58
VLAI
Title
MIPS: fw: Allow firmware to pass a empty env
Summary
In the Linux kernel, the following vulnerability has been resolved: MIPS: fw: Allow firmware to pass a empty env fw_getenv will use env entry to determine style of env, however it is legal for firmware to just pass a empty list. Check if first entry exist before running strchr to avoid null pointer dereference.
Severity
No CVSS data available.
Assigner
Impacted products
Vendor Product Version
Linux Linux Affected: 14aecdd419217e041fb5dd2749d11f58503bdf62 , < f334b31625683418aaa2a335470eec950a95a254 (git)
Affected: 14aecdd419217e041fb5dd2749d11f58503bdf62 , < 830181ddced5a05a711dc9da8043203b1f33a77e (git)
Affected: 14aecdd419217e041fb5dd2749d11f58503bdf62 , < 0f91290774c798199ba4b8df93de5c3156b5163d (git)
Affected: 14aecdd419217e041fb5dd2749d11f58503bdf62 , < 47e61cadc7a5f3dffd42d2d6fda81be163f1ab82 (git)
Affected: 14aecdd419217e041fb5dd2749d11f58503bdf62 , < 3ef93b7bd9e042db240843f24a80e14da38c6830 (git)
Affected: 14aecdd419217e041fb5dd2749d11f58503bdf62 , < a6b54af407873227caef6262e992f5422cdcb6ae (git)
Affected: 14aecdd419217e041fb5dd2749d11f58503bdf62 , < ad79828f133e98585ab2236cad04a55eb7141bbe (git)
Affected: 14aecdd419217e041fb5dd2749d11f58503bdf62 , < aeed787bbbbe1b842beec9a065a36c915226f704 (git)
Affected: 14aecdd419217e041fb5dd2749d11f58503bdf62 , < ee1809ed7bc456a72dc8410b475b73021a3a68d5 (git)
Create a notification for this product.
Linux Linux Affected: 3.10
Unaffected: 0 , < 3.10 (semver)
Unaffected: 4.14.315 , ≤ 4.14.* (semver)
Unaffected: 4.19.283 , ≤ 4.19.* (semver)
Unaffected: 5.4.243 , ≤ 5.4.* (semver)
Unaffected: 5.10.180 , ≤ 5.10.* (semver)
Unaffected: 5.15.111 , ≤ 5.15.* (semver)
Unaffected: 6.1.28 , ≤ 6.1.* (semver)
Unaffected: 6.2.15 , ≤ 6.2.* (semver)
Unaffected: 6.3.2 , ≤ 6.3.* (semver)
Unaffected: 6.4 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/mips/fw/lib/cmdline.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f334b31625683418aaa2a335470eec950a95a254",
              "status": "affected",
              "version": "14aecdd419217e041fb5dd2749d11f58503bdf62",
              "versionType": "git"
            },
            {
              "lessThan": "830181ddced5a05a711dc9da8043203b1f33a77e",
              "status": "affected",
              "version": "14aecdd419217e041fb5dd2749d11f58503bdf62",
              "versionType": "git"
            },
            {
              "lessThan": "0f91290774c798199ba4b8df93de5c3156b5163d",
              "status": "affected",
              "version": "14aecdd419217e041fb5dd2749d11f58503bdf62",
              "versionType": "git"
            },
            {
              "lessThan": "47e61cadc7a5f3dffd42d2d6fda81be163f1ab82",
              "status": "affected",
              "version": "14aecdd419217e041fb5dd2749d11f58503bdf62",
              "versionType": "git"
            },
            {
              "lessThan": "3ef93b7bd9e042db240843f24a80e14da38c6830",
              "status": "affected",
              "version": "14aecdd419217e041fb5dd2749d11f58503bdf62",
              "versionType": "git"
            },
            {
              "lessThan": "a6b54af407873227caef6262e992f5422cdcb6ae",
              "status": "affected",
              "version": "14aecdd419217e041fb5dd2749d11f58503bdf62",
              "versionType": "git"
            },
            {
              "lessThan": "ad79828f133e98585ab2236cad04a55eb7141bbe",
              "status": "affected",
              "version": "14aecdd419217e041fb5dd2749d11f58503bdf62",
              "versionType": "git"
            },
            {
              "lessThan": "aeed787bbbbe1b842beec9a065a36c915226f704",
              "status": "affected",
              "version": "14aecdd419217e041fb5dd2749d11f58503bdf62",
              "versionType": "git"
            },
            {
              "lessThan": "ee1809ed7bc456a72dc8410b475b73021a3a68d5",
              "status": "affected",
              "version": "14aecdd419217e041fb5dd2749d11f58503bdf62",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/mips/fw/lib/cmdline.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.10"
            },
            {
              "lessThan": "3.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.315",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.283",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.243",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.180",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.111",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.28",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.*",
              "status": "unaffected",
              "version": "6.2.15",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.3.*",
              "status": "unaffected",
              "version": "6.3.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.4",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.315",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.283",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.243",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.180",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.111",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.28",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2.15",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3.2",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nMIPS: fw: Allow firmware to pass a empty env\n\nfw_getenv will use env entry to determine style of env,\nhowever it is legal for firmware to just pass a empty list.\n\nCheck if first entry exist before running strchr to avoid\nnull pointer dereference."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T19:58:54.080Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f334b31625683418aaa2a335470eec950a95a254"
        },
        {
          "url": "https://git.kernel.org/stable/c/830181ddced5a05a711dc9da8043203b1f33a77e"
        },
        {
          "url": "https://git.kernel.org/stable/c/0f91290774c798199ba4b8df93de5c3156b5163d"
        },
        {
          "url": "https://git.kernel.org/stable/c/47e61cadc7a5f3dffd42d2d6fda81be163f1ab82"
        },
        {
          "url": "https://git.kernel.org/stable/c/3ef93b7bd9e042db240843f24a80e14da38c6830"
        },
        {
          "url": "https://git.kernel.org/stable/c/a6b54af407873227caef6262e992f5422cdcb6ae"
        },
        {
          "url": "https://git.kernel.org/stable/c/ad79828f133e98585ab2236cad04a55eb7141bbe"
        },
        {
          "url": "https://git.kernel.org/stable/c/aeed787bbbbe1b842beec9a065a36c915226f704"
        },
        {
          "url": "https://git.kernel.org/stable/c/ee1809ed7bc456a72dc8410b475b73021a3a68d5"
        }
      ],
      "title": "MIPS: fw: Allow firmware to pass a empty env",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-54279",
    "datePublished": "2025-12-30T12:16:07.018Z",
    "dateReserved": "2025-12-30T12:06:44.524Z",
    "dateUpdated": "2026-05-11T19:58:54.080Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-54279",
      "date": "2026-07-04",
      "epss": "0.00196",
      "percentile": "0.09475"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-54279\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-12-30T13:16:16.860\",\"lastModified\":\"2026-06-17T06:47:08.813\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nMIPS: fw: Allow firmware to pass a empty env\\n\\nfw_getenv will use env entry to determine style of env,\\nhowever it is legal for firmware to just pass a empty list.\\n\\nCheck if first entry exist before running strchr to avoid\\nnull pointer dereference.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\\n\\nMIPS: fw: Permitir que el firmware pase un \u0027env\u0027 vac\u00edo\\n\\nfw_getenv utilizar\u00e1 la entrada \u0027env\u0027 para determinar el estilo del \u0027env\u0027, sin embargo, es legal que el firmware simplemente pase una lista vac\u00eda.\\n\\nComprobar si la primera entrada existe antes de ejecutar strchr para evitar la desreferencia de puntero nulo.\"}],\"affected\":[{\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"affectedData\":[{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"unaffected\",\"programFiles\":[\"arch/mips/fw/lib/cmdline.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"14aecdd419217e041fb5dd2749d11f58503bdf62\",\"lessThan\":\"f334b31625683418aaa2a335470eec950a95a254\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"14aecdd419217e041fb5dd2749d11f58503bdf62\",\"lessThan\":\"830181ddced5a05a711dc9da8043203b1f33a77e\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"14aecdd419217e041fb5dd2749d11f58503bdf62\",\"lessThan\":\"0f91290774c798199ba4b8df93de5c3156b5163d\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"14aecdd419217e041fb5dd2749d11f58503bdf62\",\"lessThan\":\"47e61cadc7a5f3dffd42d2d6fda81be163f1ab82\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"14aecdd419217e041fb5dd2749d11f58503bdf62\",\"lessThan\":\"3ef93b7bd9e042db240843f24a80e14da38c6830\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"14aecdd419217e041fb5dd2749d11f58503bdf62\",\"lessThan\":\"a6b54af407873227caef6262e992f5422cdcb6ae\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"14aecdd419217e041fb5dd2749d11f58503bdf62\",\"lessThan\":\"ad79828f133e98585ab2236cad04a55eb7141bbe\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"14aecdd419217e041fb5dd2749d11f58503bdf62\",\"lessThan\":\"aeed787bbbbe1b842beec9a065a36c915226f704\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"14aecdd419217e041fb5dd2749d11f58503bdf62\",\"lessThan\":\"ee1809ed7bc456a72dc8410b475b73021a3a68d5\",\"versionType\":\"git\",\"status\":\"affected\"}]},{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"affected\",\"programFiles\":[\"arch/mips/fw/lib/cmdline.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"3.10\",\"status\":\"affected\"},{\"version\":\"0\",\"lessThan\":\"3.10\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"4.14.315\",\"lessThanOrEqual\":\"4.14.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"4.19.283\",\"lessThanOrEqual\":\"4.19.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.4.243\",\"lessThanOrEqual\":\"5.4.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.10.180\",\"lessThanOrEqual\":\"5.10.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.15.111\",\"lessThanOrEqual\":\"5.15.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.1.28\",\"lessThanOrEqual\":\"6.1.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.2.15\",\"lessThanOrEqual\":\"6.2.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.3.2\",\"lessThanOrEqual\":\"6.3.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.4\",\"lessThanOrEqual\":\"*\",\"versionType\":\"original_commit_for_fix\",\"status\":\"unaffected\"}]}]}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0f91290774c798199ba4b8df93de5c3156b5163d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/3ef93b7bd9e042db240843f24a80e14da38c6830\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/47e61cadc7a5f3dffd42d2d6fda81be163f1ab82\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/830181ddced5a05a711dc9da8043203b1f33a77e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a6b54af407873227caef6262e992f5422cdcb6ae\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ad79828f133e98585ab2236cad04a55eb7141bbe\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/aeed787bbbbe1b842beec9a065a36c915226f704\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ee1809ed7bc456a72dc8410b475b73021a3a68d5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f334b31625683418aaa2a335470eec950a95a254\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…