{"id":"CVE-2026-23062","summary":"platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro\n\nThe GET_INSTANCE_ID macro that caused a kernel panic when accessing sysfs\nattributes:\n\n1. Off-by-one error: The loop condition used '\u003c=' instead of '\u003c',\n   causing access beyond array bounds. Since array indices are 0-based\n   and go from 0 to instances_count-1, the loop should use '\u003c'.\n\n2. Missing NULL check: The code dereferenced attr_name_kobj-\u003ename\n   without checking if attr_name_kobj was NULL, causing a null pointer\n   dereference in min_length_show() and other attribute show functions.\n\nThe panic occurred when fwupd tried to read BIOS configuration attributes:\n\n  Oops: general protection fault [#1] SMP KASAN NOPTI\n  KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\n  RIP: 0010:min_length_show+0xcf/0x1d0 [hp_bioscfg]\n\nAdd a NULL check for attr_name_kobj before dereferencing and corrects\nthe loop boundary to match the pattern used elsewhere in the driver.","modified":"2026-04-02T17:30:52.958405Z","published":"2026-02-04T16:07:44.420Z","related":["SUSE-SU-2026:0962-1","SUSE-SU-2026:1081-1","SUSE-SU-2026:20838-1","SUSE-SU-2026:20931-1","openSUSE-SU-2026:20416-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23062.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/193922a23d7294085a47d7719fdb7d66ad0a236f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/25150715e0b049b99df664daf05dab12f41c3e13"},{"type":"WEB","url":"https://git.kernel.org/stable/c/eb5ff1025c92117d5d1cc728bcfa294abe484da1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/eba49c1dee9c5e514ca18e52c545bba524e8a045"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23062.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23062"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"5f94f181ca25d8c5b77beb2da0cb466ddb6ece29"},{"fixed":"eb5ff1025c92117d5d1cc728bcfa294abe484da1"},{"fixed":"eba49c1dee9c5e514ca18e52c545bba524e8a045"},{"fixed":"193922a23d7294085a47d7719fdb7d66ad0a236f"},{"fixed":"25150715e0b049b99df664daf05dab12f41c3e13"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23062.json"}}],"schema_version":"1.7.5"}