Linux Kernel hp-bioscfg GET_INSTANCE_ID Macro Kernel Panic Vulnerability

Vulnerability

A vulnerability in the Linux kernel's hp-bioscfg component, a kernel panic caused by the GET_INSTANCE_ID macro, has been fixed. The issue stemmed from two defects: an off-by-one error in the loop condition, which allowed access beyond the array bounds, and a missing NULL check, which led to a null pointer dereference. The panic was triggered when fwupd attempted to read BIOS configuration attributes, resulting in a general protection fault. The vulnerability affected several versions of the Linux kernel.
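
The two defects described above, shown in a simplified userspace model next to a hardened form. This is an added illustration, not the kernel's hp-bioscfg source; the struct names, function names and the sample array are assumptions constructed for the example.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Simplified userspace stand-ins; names are assumptions, not kernel types. */
struct kobj_model { const char *name; };
struct attr_model { struct kobj_model *attr_name_kobj; };

/* Pattern from the advisory: "<=" also visits index `count`, one past the
 * last valid entry, and the entry's kobject pointer is dereferenced without
 * a NULL check. Shown for comparison only; it is never called here. */
int instance_id_unsafe(const struct attr_model *data, int count,
                       const struct kobj_model *kobj)
{
    for (int i = 0; i <= count; i++)
        if (!strcmp(kobj->name, data[i].attr_name_kobj->name))
            return i;
    return -EIO;
}

/* Hardened form: strict upper bound, and entries with no kobject are skipped. */
int instance_id_safe(const struct attr_model *data, int count,
                     const struct kobj_model *kobj)
{
    for (int i = 0; i < count; i++) {
        const struct kobj_model *k = data[i].attr_name_kobj;

        if (k && k->name && !strcmp(kobj->name, k->name))
            return i;
    }
    return -EIO;
}

/* Constructed sample: three slots, the middle one never populated (NULL). */
static struct kobj_model k0 = { "Boot Order" }, k2 = { "Secure Boot" };
static struct attr_model sample[3] = { { &k0 }, { NULL }, { &k2 } };

int lookup_sample(const char *name)
{
    struct kobj_model q = { name };
    return instance_id_safe(sample, 3, &q);
}

int main(void)
{
    printf("%d %d %d\n", lookup_sample("Boot Order"),
           lookup_sample("Secure Boot"), lookup_sample("Missing"));
    return 0;
}
```

A lookup that misses every entry is the case that matters: the hardened loop stops at the last valid index and returns -EIO, while the unsafe loop would go on to read the slot past the end of the array.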

Impact

Triggering this vulnerability produced a general protection fault and a null pointer dereference, resulting in a kernel panic that disrupted normal system operations.

Reproduction

The vulnerability can be reproduced by using the hp-bioscfg component of the Linux kernel and accessing BIOS configuration attributes through fwupd. This process will trigger the GET_INSTANCE_ID macro, causing a kernel panic due to the off-by-one error and the lack of a NULL check, which together create a null pointer dereference.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the Linux kernel's official website.

Added: Feb 4, 2026, 6:25 PM
Updated: Feb 4, 2026, 6:25 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 7.7
relevance: 2.7
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.