CVE-2023-54279
Description
In the Linux kernel, the following vulnerability has been resolved:
MIPS: fw: Allow firmware to pass a empty env
fw_getenv will use env entry to determine style of env, however it is legal for firmware to just pass a empty list.
Check if first entry exist before running strchr to avoid null pointer dereference.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel, a null pointer dereference in MIPS firmware environment parsing is fixed by checking for an empty list before calling strchr.
Vulnerability
Vulnerability
CVE-2023-54279 is a null pointer dereference vulnerability in the Linux kernel's MIPS architecture firmware interface. The fw_getenv function uses an environment entry to determine the style of the environment, but it does not account for the case where the firmware passes an empty list. This leads to a null pointer dereference when strchr is called on a non-existent first entry [1][2][3].
Exploitation
An attacker with the ability to control or influence the firmware environment passed to the kernel could trigger this bug. The attack surface is limited to systems using MIPS firmware that can supply an empty environment list. No authentication is required, but the attacker must be able to modify the firmware environment or boot parameters [1][2][3].
Impact
Successful exploitation results in a kernel crash (denial of service) due to the null pointer dereference. This could cause system instability or a complete system hang. There is no indication of privilege escalation or data corruption from this vulnerability [1][2][3].
Mitigation
The fix is included in Linux kernel stable updates. Users should apply the latest kernel updates from their distribution. The commit identifiers are a6b54af40787, 0f91290774c7, and 47e61cadc7a5 [1][2][3].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
9f334b3162568830181ddced50f91290774c747e61cadc7a53ef93b7bd9e0a6b54af40787ad79828f133eaeed787bbbbeee1809ed7bc4Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
9- git.kernel.org/stable/c/0f91290774c798199ba4b8df93de5c3156b5163dnvd
- git.kernel.org/stable/c/3ef93b7bd9e042db240843f24a80e14da38c6830nvd
- git.kernel.org/stable/c/47e61cadc7a5f3dffd42d2d6fda81be163f1ab82nvd
- git.kernel.org/stable/c/830181ddced5a05a711dc9da8043203b1f33a77envd
- git.kernel.org/stable/c/a6b54af407873227caef6262e992f5422cdcb6aenvd
- git.kernel.org/stable/c/ad79828f133e98585ab2236cad04a55eb7141bbenvd
- git.kernel.org/stable/c/aeed787bbbbe1b842beec9a065a36c915226f704nvd
- git.kernel.org/stable/c/ee1809ed7bc456a72dc8410b475b73021a3a68d5nvd
- git.kernel.org/stable/c/f334b31625683418aaa2a335470eec950a95a254nvd
News mentions
0No linked articles in our index yet.