VYPR
Unrated severityNVD Advisory· Published Aug 21, 2024· Updated May 4, 2025

gsmi: fix null-deref in gsmi_get_variable

CVE-2023-52893

Description

In the Linux kernel, the following vulnerability has been resolved:

gsmi: fix null-deref in gsmi_get_variable

We can get EFI variables without fetching the attribute, so we must allow for that in gsmi.

commit 859748255b43 ("efi: pstore: Omit efivars caching EFI varstore access layer") added a new get_variable call with attr=NULL, which triggers panic in gsmi.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

120

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.