CVE-2026-23090

Summary

In the Linux kernel, the following vulnerability has been resolved:

slimbus: core: fix device reference leak on report present

Slimbus devices can be allocated dynamically upon reception of report-present messages.

Make sure to drop the reference taken when looking up already registered devices.

Note that this requires taking an extra reference in case the device has not yet been registered and has to be allocated.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux46a2bb5a7f7ea2728be50f8f5b29a20267f700fe < b1217e40705b2f6d311c197b12866752656217ffaffected
LinuxLinux46a2bb5a7f7ea2728be50f8f5b29a20267f700fe < 948615429c9f2ac9d25d4e1f1a4472926b217a9aaffected
LinuxLinux46a2bb5a7f7ea2728be50f8f5b29a20267f700fe < 02b78bbfbafe49832e508079148cb87cdfa55825affected
LinuxLinux46a2bb5a7f7ea2728be50f8f5b29a20267f700fe < 2ddc09f6a0a221b1d91a7cbc8cc2cefdbd334fe6affected
LinuxLinux46a2bb5a7f7ea2728be50f8f5b29a20267f700fe < 54de72a7aabc0749938d7a2833a0c1a5d3ed7ac9affected
LinuxLinux46a2bb5a7f7ea2728be50f8f5b29a20267f700fe < 6602bb4d1338e92b5838e50322b87697bdbd2ee0affected
LinuxLinux46a2bb5a7f7ea2728be50f8f5b29a20267f700fe < 9391380eb91ea5ac792aae9273535c8da5b9aa01affected
LinuxLinux4.16affected
LinuxLinux0 < 4.16unaffected
LinuxLinux5.10.249 <= 5.10.*unaffected
LinuxLinux5.15.199 <= 5.15.*unaffected
LinuxLinux6.1.162 <= 6.1.*unaffected
LinuxLinux6.6.122 <= 6.6.*unaffected
LinuxLinux6.12.68 <= 6.12.*unaffected
LinuxLinux6.18.8 <= 6.18.*unaffected
LinuxLinux6.19 <= *unaffected

Weaknesses

References