CVE-2026-23090Linux vulnerability

12 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 95.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
LinuxLinux KernelDebian Linux+8 more
Timeline
PublishedFeb 4
Latest updateApr 17

Description

In the Linux kernel, the following vulnerability has been resolved: slimbus: core: fix device reference leak on report present Slimbus devices can be allocated dynamically upon reception of report-present messages. Make sure to drop the reference taken when looking up already registered devices. Note that this requires taking an extra reference in case the device has not yet been registered and has to be allocated.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages12 packages

NVDlinux/linux_kernel4.165.10.249+6
Debianlinux/linux_kernel< 5.10.249-1+3
CVEListV5linux/linux46a2bb5a7f7ea2728be50f8f5b29a20267f700feb1217e40705b2f6d311c197b12866752656217ff+7
debiandebian/linux< linux 6.1.162-1 (bookworm)
debiandebian/linux-6.1< linux 6.1.162-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
GHSA
GHSA-2rcf-99h2-99hm: In the Linux kernel, the following vulnerability has been resolved: slimbus: core: fix device reference leak on report present Slimbus devices can b2026-02-04
OSV
CVE-2026-23090: In the Linux kernel, the following vulnerability has been resolved: slimbus: core: fix device reference leak on report present Slimbus devices can be2026-02-04

📋Vendor Advisories

8
Ubuntu
Linux kernel (HWE) vulnerabilities2026-04-17
Ubuntu
Linux kernel (NVIDIA) vulnerabilities2026-04-17
Ubuntu
Linux kernel (FIPS) vulnerabilities2026-04-17
Ubuntu
Linux kernel (Real-time) vulnerabilities2026-04-17
Ubuntu
Linux kernel vulnerabilities2026-04-16

🕵️Threat Intelligence

1
Wiz
CVE-2026-23090 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23090 — Linux vulnerability | cvebase