CVE-2026-23090

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

04/02/2026

Last modified:

04/02/2026

Description

In the Linux kernel, the following vulnerability has been resolved: slimbus: core: fix device reference leak on report present Slimbus devices can be allocated dynamically upon reception of report-present messages. Make sure to drop the reference taken when looking up already registered devices. Note that this requires taking an extra reference in case the device has not yet been registered and has to be allocated.

Impact

References to Advisories, Solutions, and Tools

https://git.kernel.org/stable/c/2ddc09f6a0a221b1d91a7cbc8cc2cefdbd334fe6
https://git.kernel.org/stable/c/54de72a7aabc0749938d7a2833a0c1a5d3ed7ac9
https://git.kernel.org/stable/c/6602bb4d1338e92b5838e50322b87697bdbd2ee0
https://git.kernel.org/stable/c/9391380eb91ea5ac792aae9273535c8da5b9aa01