← back
CVE-2023-54279

MIPS: fw: Allow firmware to pass a empty env

EPSS 0.2%
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
30 Dec 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In the Linux kernel, the following vulnerability has been resolved: MIPS: fw: Allow firmware to pass a empty env fw_getenv will use env entry to determine style of env, however it is legal for firmware to just pass a empty list. Check if first entry exist before running strchr to avoid null pointer dereference.
Affected products
Linux · Linux