Description
In the Linux kernel, the following vulnerability has been resolved:

platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro

The GET_INSTANCE_ID macro caused a kernel panic when accessing sysfs
attributes:

1. Off-by-one error: The loop condition used '<=' instead of '<',
causing access beyond array bounds. Since array indices are 0-based
and go from 0 to instances_count-1, the loop should use '<'.

2. Missing NULL check: The code dereferenced attr_name_kobj->name
without checking if attr_name_kobj was NULL, causing a null pointer
dereference in min_length_show() and other attribute show functions.

The panic occurred when fwupd tried to read BIOS configuration attributes:

Oops: general protection fault [#1] SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
RIP: 0010:min_length_show+0xcf/0x1d0 [hp_bioscfg]

Add a NULL check for attr_name_kobj before dereferencing and correct
the loop boundary to match the pattern used elsewhere in the driver.
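
The two defects described above, modelled in user-space C as an added example (this is not the hp_bioscfg source; the struct and function names, the -1 "not found" value and the sample table are assumptions made for illustration):

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical user-space stand-ins for the driver's per-instance data. */
struct kobj_model { const char *name; };
struct attr_model { struct kobj_model *attr_name_kobj; };

/* Pattern the description reports: '<=' reads slot [count], and
 * attr_name_kobj->name is read without a NULL check. Kept for
 * comparison only; calling it on the table below is undefined behaviour. */
int lookup_before_fix(const struct attr_model *data, int count,
                      const struct kobj_model *kobj)
{
    for (int i = 0; i <= count; i++)
        if (!strcmp(kobj->name, data[i].attr_name_kobj->name))
            return i;
    return -1;
}

/* Corrected pattern: strict '<' bound, and instances whose kobject was
 * never set are skipped instead of dereferenced. -1 is this model's
 * "not found" value. */
int lookup_after_fix(const struct attr_model *data, int count,
                     const struct kobj_model *kobj)
{
    for (int i = 0; i < count; i++) {
        const struct kobj_model *k = data[i].attr_name_kobj;
        if (k && !strcmp(kobj->name, k->name))
            return i;
    }
    return -1;
}

/* Constructed table: three instances, the middle one has no kobject. */
int demo_lookup(const char *name)
{
    struct kobj_model a = { "Attr A" }, c = { "Attr C" };
    struct attr_model table[3] = { { &a }, { NULL }, { &c } };
    struct kobj_model query = { name };
    return lookup_after_fix(table, 3, &query);
}

int main(void)
{
    printf("%d %d\n", demo_lookup("Attr C"), demo_lookup("Missing"));
    return 0;
}
```

A lookup for a name that is not in the table is the case that matters: the corrected loop walks past the NULL entry, stops at the last valid index and returns the error value, where the earlier pattern would have dereferenced the NULL entry or read one element past the array.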
Published: 2026-02-04
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service (Kernel Panic)
Action: Apply Patch
AI Analysis

Impact

The vulnerability arises from an off‑by‑one loop error and a missing null check in the hp_bioscfg driver’s GET_INSTANCE_ID macro, causing a null‑pointer dereference when sysfs attributes are accessed; this triggers a kernel panic that can force the system to reboot, resulting in a denial of service.

Affected Systems

Affected systems include the Linux kernel, specifically release candidates 6.19 rc1 through rc6 as identified by the corresponding CPE strings; no other kernel versions are listed as impacted in the advisory.

Risk and Exploitability

The CVSS score is 5.5, placing the issue in the moderate range, while the EPSS score is reported as <1% indicating a very low likelihood of exploitation in the wild. The vulnerability is not included in CISA’s KEV catalog. Exploitation would require local access to trigger a sysfs read via fwupd, suggesting the attack vector is likely local; therefore, the immediate threat level is moderate but the impact of a system crash can be significant for uptime.

Generated by OpenCVE AI on April 17, 2026 at 23:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑supplied kernel patch that fixes the null‑pointer dereference and off‑by‑one error in the hp_bioscfg driver.
  • Upgrade to a Linux kernel version that contains the CVE fix, such as 6.19.1 or a later stable release.
  • If an immediate kernel upgrade is not possible, disable access to the hp_bioscfg sysfs attributes or block fwupd from reading BIOS configuration attributes until the patch is applied.

Advisories
Source | ID | Title
Debian DSA | DSA-6126-1 | linux security update
History

Fri, 13 Mar 2026 21:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476
CPEs cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Thu, 05 Feb 2026 00:15:00 +0000


Wed, 04 Feb 2026 16:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro The GET_INSTANCE_ID macro that caused a kernel panic when accessing sysfs attributes: 1. Off-by-one error: The loop condition used '<=' instead of '<', causing access beyond array bounds. Since array indices are 0-based and go from 0 to instances_count-1, the loop should use '<'. 2. Missing NULL check: The code dereferenced attr_name_kobj->name without checking if attr_name_kobj was NULL, causing a null pointer dereference in min_length_show() and other attribute show functions. The panic occurred when fwupd tried to read BIOS configuration attributes: Oops: general protection fault [#1] SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] RIP: 0010:min_length_show+0xcf/0x1d0 [hp_bioscfg] Add a NULL check for attr_name_kobj before dereferencing and corrects the loop boundary to match the pattern used elsewhere in the driver.
Title platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-02-09T08:38:01.015Z

Reserved: 2026-01-13T15:37:45.953Z

Link: CVE-2026-23062

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-02-04T17:16:16.883

Modified: 2026-03-13T21:28:23.150

Link: CVE-2026-23062

Redhat

Severity :

Public Date: 2026-02-04T00:00:00Z

Links: CVE-2026-23062 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-17T23:45:25Z

Weaknesses