PT-2026-6132 · Linux+2 · Linux Kernel+2

Published 2026-01-01 · Updated 2026-05-22 · CVE-2026-23062

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The Linux kernel contains an issue within the hp-bioscfg driver related to the GET_INSTANCE_ID macro. This macro could lead to a kernel panic when accessing sysfs attributes. The issue stems from two primary causes: an off-by-one error in a loop condition (using '<=' instead of '<'), resulting in out-of-bounds array access, and a missing NULL check before dereferencing attr_name_kobj->name, causing a null pointer dereference in functions like min_length_show(). The panic was observed when the fwupd utility attempted to read BIOS configuration attributes. The vulnerable code is located within the min_length_show() function.

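A user-space C model of the two defects the description names, shown beside a hardened lookup. It is an added illustration, not the kernel driver's source; the struct and function names are hypothetical stand-ins and the sample table is constructed.

```c
#include <stddef.h>
#include <string.h>

/* Simplified user-space stand-ins; all names here are hypothetical. */
struct kobj_model { const char *name; };
struct attr_entry { struct kobj_model *attr_name_kobj; };

/* Pattern described in the advisory: '<=' walks one slot past the table and
 * attr_name_kobj is dereferenced without a NULL check. */
int get_instance_id_vulnerable(const struct attr_entry *tbl, int count,
                               const struct kobj_model *kobj)
{
    for (int i = 0; i <= count; i++)            /* off-by-one: reads tbl[count] */
        if (!strcmp(kobj->name, tbl[i].attr_name_kobj->name)) /* may be NULL */
            return i;
    return -1;
}

/* Hardened form: strict bound, skip entries that were never populated. */
int get_instance_id_hardened(const struct attr_entry *tbl, int count,
                             const struct kobj_model *kobj)
{
    if (!tbl || !kobj || !kobj->name)
        return -1;
    for (int i = 0; i < count; i++) {
        const struct kobj_model *k = tbl[i].attr_name_kobj;
        if (k && k->name && !strcmp(kobj->name, k->name))
            return i;
    }
    return -1;
}

/* Constructed sample table: slot 1 was never registered (NULL kobject). */
static struct kobj_model k0 = { "Setup Password" }, k2 = { "Power-On Password" };
static struct attr_entry sample[] = { { &k0 }, { NULL }, { &k2 } };

int lookup_sample(const char *name)
{
    struct kobj_model probe = { name };
    return get_instance_id_hardened(sample, 3, &probe);
}

int main(void)
{
    /* A name absent from the table forces a full scan: the hardened lookup
     * returns -1 where the vulnerable one would hit the NULL slot or tbl[3]. */
    return lookup_sample("No Such Attribute") == -1 ? 0 : 1;
}
```
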
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

CVE-2026-23062
OPENSUSE-SU-2026:20416-1
SUSE-SU-2026:0962-1
SUSE-SU-2026:1081-1
SUSE-SU-2026:20838-1
SUSE-SU-2026:20931-1
SUSE-SU-2026:21284-1
USN-8278-1
USN-8289-1
USN-8296-1

Affected Products

Linux Kernel
Ubuntu
Fwupd