CVE-2023-54279

Summary

In the Linux kernel, the following vulnerability has been resolved:

MIPS: fw: Allow firmware to pass a empty env

fw_getenv will use env entry to determine style of env, however it is legal for firmware to just pass a empty list.

Check if first entry exist before running strchr to avoid null pointer dereference.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux14aecdd419217e041fb5dd2749d11f58503bdf62 < f334b31625683418aaa2a335470eec950a95a254affected
LinuxLinux14aecdd419217e041fb5dd2749d11f58503bdf62 < 830181ddced5a05a711dc9da8043203b1f33a77eaffected
LinuxLinux14aecdd419217e041fb5dd2749d11f58503bdf62 < 0f91290774c798199ba4b8df93de5c3156b5163daffected
LinuxLinux14aecdd419217e041fb5dd2749d11f58503bdf62 < 47e61cadc7a5f3dffd42d2d6fda81be163f1ab82affected
LinuxLinux14aecdd419217e041fb5dd2749d11f58503bdf62 < 3ef93b7bd9e042db240843f24a80e14da38c6830affected
LinuxLinux14aecdd419217e041fb5dd2749d11f58503bdf62 < a6b54af407873227caef6262e992f5422cdcb6aeaffected
LinuxLinux14aecdd419217e041fb5dd2749d11f58503bdf62 < ad79828f133e98585ab2236cad04a55eb7141bbeaffected
LinuxLinux14aecdd419217e041fb5dd2749d11f58503bdf62 < aeed787bbbbe1b842beec9a065a36c915226f704affected
LinuxLinux14aecdd419217e041fb5dd2749d11f58503bdf62 < ee1809ed7bc456a72dc8410b475b73021a3a68d5affected
LinuxLinux3.10affected
LinuxLinux0 < 3.10unaffected
LinuxLinux4.14.315 <= 4.14.*unaffected
LinuxLinux4.19.283 <= 4.19.*unaffected
LinuxLinux5.4.243 <= 5.4.*unaffected
LinuxLinux5.10.180 <= 5.10.*unaffected
LinuxLinux5.15.111 <= 5.15.*unaffected
LinuxLinux6.1.28 <= 6.1.*unaffected
LinuxLinux6.2.15 <= 6.2.*unaffected
LinuxLinux6.3.2 <= 6.3.*unaffected
LinuxLinux6.4 <= *unaffected

Weaknesses

References