2436833 – (CVE-2026-23090) CVE-2026-23090 kernel: slimbus: core: fix device reference leak on report present

Bug 2436833 (CVE-2026-23090) - CVE-2026-23090 kernel: slimbus: core: fix device reference leak on report present

Summary: CVE-2026-23090 kernel: slimbus: core: fix device reference leak on report pre...

Keywords:
Status:	NEW
Alias:	CVE-2026-23090
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-02-04 17:05 UTC by OSIDB Bzimport
Modified:	2026-02-04 19:04 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-02-04 17:05:40 UTC

In the Linux kernel, the following vulnerability has been resolved:

slimbus: core: fix device reference leak on report present

Slimbus devices can be allocated dynamically upon reception of
report-present messages.

Make sure to drop the reference taken when looking up already registered
devices.

Note that this requires taking an extra reference in case the device has
not yet been registered and has to be allocated.

Comment 1 Jon Moroney 2026-02-04 18:59:16 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026020425-CVE-2026-23090-2971@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.