{"id":"CVE-2023-54279","summary":"MIPS: fw: Allow firmware to pass a empty env","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nMIPS: fw: Allow firmware to pass a empty env\n\nfw_getenv will use env entry to determine style of env,\nhowever it is legal for firmware to just pass a empty list.\n\nCheck if first entry exist before running strchr to avoid\nnull pointer dereference.","modified":"2026-04-02T09:45:44.334761Z","published":"2025-12-30T12:16:07.018Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54279.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0f91290774c798199ba4b8df93de5c3156b5163d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3ef93b7bd9e042db240843f24a80e14da38c6830"},{"type":"WEB","url":"https://git.kernel.org/stable/c/47e61cadc7a5f3dffd42d2d6fda81be163f1ab82"},{"type":"WEB","url":"https://git.kernel.org/stable/c/830181ddced5a05a711dc9da8043203b1f33a77e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a6b54af407873227caef6262e992f5422cdcb6ae"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ad79828f133e98585ab2236cad04a55eb7141bbe"},{"type":"WEB","url":"https://git.kernel.org/stable/c/aeed787bbbbe1b842beec9a065a36c915226f704"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ee1809ed7bc456a72dc8410b475b73021a3a68d5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f334b31625683418aaa2a335470eec950a95a254"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54279.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-54279"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"14aecdd419217e041fb5dd2749d11f58503bdf62"},{"fixed":"f334b31625683418aaa2a335470eec950a95a254"},{"fixed":"830181ddced5a05a711dc9da8043203b1f33a77e"},{"fixed":"0f91290774c798199ba4b8df93de5c3156b5163d"},{"fixed":"47e61cadc7a5f3dffd42d2d6fda81be163f1ab82"},{"fixed":"3ef93b7bd9e042db240843f24a80e14da38c6830"},{"fixed":"a6b54af407873227caef6262e992f5422cdcb6ae"},{"fixed":"ad79828f133e98585ab2236cad04a55eb7141bbe"},{"fixed":"aeed787bbbbe1b842beec9a065a36c915226f704"},{"fixed":"ee1809ed7bc456a72dc8410b475b73021a3a68d5"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-54279.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"3.10.0"},{"fixed":"4.14.315"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.15.0"},{"fixed":"4.19.283"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.20.0"},{"fixed":"5.4.243"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.180"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.111"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.28"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.2.15"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.3.0"},{"fixed":"6.3.2"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-54279.json"}}],"schema_version":"1.7.5"}