{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23090", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.962Z", "datePublished": "2026-02-04T16:08:13.438Z", "dateUpdated": "2026-05-11T21:59:48.426Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:59:48.426Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nslimbus: core: fix device reference leak on report present\n\nSlimbus devices can be allocated dynamically upon reception of\nreport-present messages.\n\nMake sure to drop the reference taken when looking up already registered\ndevices.\n\nNote that this requires taking an extra reference in case the device has\nnot yet been registered and has to be allocated."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/slimbus/core.c"], "versions": [{"version": "46a2bb5a7f7ea2728be50f8f5b29a20267f700fe", "lessThan": "b1217e40705b2f6d311c197b12866752656217ff", "status": "affected", "versionType": "git"}, {"version": "46a2bb5a7f7ea2728be50f8f5b29a20267f700fe", "lessThan": "948615429c9f2ac9d25d4e1f1a4472926b217a9a", "status": "affected", "versionType": "git"}, {"version": "46a2bb5a7f7ea2728be50f8f5b29a20267f700fe", "lessThan": "02b78bbfbafe49832e508079148cb87cdfa55825", "status": "affected", "versionType": "git"}, {"version": "46a2bb5a7f7ea2728be50f8f5b29a20267f700fe", "lessThan": "2ddc09f6a0a221b1d91a7cbc8cc2cefdbd334fe6", "status": "affected", "versionType": "git"}, {"version": "46a2bb5a7f7ea2728be50f8f5b29a20267f700fe", "lessThan": "54de72a7aabc0749938d7a2833a0c1a5d3ed7ac9", "status": "affected", "versionType": "git"}, {"version": "46a2bb5a7f7ea2728be50f8f5b29a20267f700fe", "lessThan": "6602bb4d1338e92b5838e50322b87697bdbd2ee0", "status": "affected", "versionType": "git"}, {"version": "46a2bb5a7f7ea2728be50f8f5b29a20267f700fe", "lessThan": "9391380eb91ea5ac792aae9273535c8da5b9aa01", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/slimbus/core.c"], "versions": [{"version": "4.16", "status": "affected"}, {"version": "0", "lessThan": "4.16", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.249", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.199", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.162", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.122", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.68", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.8", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.16", "versionEndExcluding": "5.10.249"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.16", "versionEndExcluding": "5.15.199"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.16", "versionEndExcluding": "6.1.162"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.16", "versionEndExcluding": "6.6.122"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.16", "versionEndExcluding": "6.12.68"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.16", "versionEndExcluding": "6.18.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.16", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/b1217e40705b2f6d311c197b12866752656217ff"}, {"url": "https://git.kernel.org/stable/c/948615429c9f2ac9d25d4e1f1a4472926b217a9a"}, {"url": "https://git.kernel.org/stable/c/02b78bbfbafe49832e508079148cb87cdfa55825"}, {"url": "https://git.kernel.org/stable/c/2ddc09f6a0a221b1d91a7cbc8cc2cefdbd334fe6"}, {"url": "https://git.kernel.org/stable/c/54de72a7aabc0749938d7a2833a0c1a5d3ed7ac9"}, {"url": "https://git.kernel.org/stable/c/6602bb4d1338e92b5838e50322b87697bdbd2ee0"}, {"url": "https://git.kernel.org/stable/c/9391380eb91ea5ac792aae9273535c8da5b9aa01"}], "title": "slimbus: core: fix device reference leak on report present", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7890100-2475-49B0-BE7F-02AA4C41DFA7", "versionEndExcluding": "5.10.249", "versionStartIncluding": "4.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A247FBA6-BEB9-484F-B892-DD5517949CCD", "versionEndExcluding": "5.15.199", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6579E0D4-0641-479D-A4C3-0EF618798C55", "versionEndExcluding": "6.1.162", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EAAE395-0162-4BAF-9AD5-E9AF3C869C4F", "versionEndExcluding": "6.6.122", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "52F38E19-0FDD-4992-9D6D-D4169D689598", "versionEndExcluding": "6.12.68", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E65C6E79-7EBE-4C77-93F0-818CF5B38F4E", "versionEndExcluding": "6.18.8", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "17B67AA7-40D6-4AFA-8459-F200F3D7CFD1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*", "matchCriteriaId": "C47E4CC9-C826-4FA9-B014-7FE3D9B318B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*", "matchCriteriaId": "F71D92C0-C023-48BD-B3B6-70B638EEE298", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*", "matchCriteriaId": "13580667-0A98-40CC-B29F-D12790B91BDB", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*", "matchCriteriaId": "CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*", "matchCriteriaId": "3EF854A1-ABB1-4E93-BE9A-44569EC76C0D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nslimbus: core: fix device reference leak on report present\n\nSlimbus devices can be allocated dynamically upon reception of\nreport-present messages.\n\nMake sure to drop the reference taken when looking up already registered\ndevices.\n\nNote that this requires taking an extra reference in case the device has\nnot yet been registered and has to be allocated."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nslimbus: core: soluciona fuga de referencia de dispositivo al informar presencia\n\nLos dispositivos Slimbus pueden asignarse din\u00e1micamente tras la recepci\u00f3n de mensajes de informe de presencia.\n\nAseg\u00farese de liberar la referencia tomada al buscar dispositivos ya registrados.\n\nTenga en cuenta que esto requiere tomar una referencia adicional en caso de que el dispositivo a\u00fan no haya sido registrado y deba asignarse."}], "id": "CVE-2026-23090", "lastModified": "2026-03-17T21:09:35.300", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-04T17:16:19.877", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/02b78bbfbafe49832e508079148cb87cdfa55825"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2ddc09f6a0a221b1d91a7cbc8cc2cefdbd334fe6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/54de72a7aabc0749938d7a2833a0c1a5d3ed7ac9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6602bb4d1338e92b5838e50322b87697bdbd2ee0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9391380eb91ea5ac792aae9273535c8da5b9aa01"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/948615429c9f2ac9d25d4e1f1a4472926b217a9a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b1217e40705b2f6d311c197b12866752656217ff"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: slimbus: core: fix device reference leak on report present", "id": "2436833", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436833"}, "csaw": false, "details": ["No description is available for this CVE."], "name": "CVE-2026-23090", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-02-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23090\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23090\nhttps://lore.kernel.org/linux-cve-announce/2026020425-CVE-2026-23090-2971@gregkh/T"]}

{"analysis": {"en": {"generated_at": "2026-04-18T18:28:04.982642+00:00", "value": {"mitigation_remediation": ["Upgrade to a kernel release that includes the reference\u2011leak fix (e.g., 6.19 rc7 or later).", "If an immediate kernel upgrade is not possible, disable the slimbus driver by setting the kernel parameter 'slimbus.disable=1' or blacklisting the module to prevent the vulnerable code from loading.", "Monitor kernel resource usage and kernel logs for signs of excessive slimbus object counts or memory pressure, and adjust system limits or device usage accordingly."], "summary": {"action": "Patch", "impact": "Uncontrolled Resource Consumption (Potential Denial of Service)"}, "threat_synthesis": {"affected_systems": "Devices running recent releases of the Linux kernel, specifically the 6.19 release candidates (rc1 through rc6) and any kernel images derived from those, are affected because the bug resides in the upstream core slimbus driver.", "description_and_impact": "A bug in the Linux kernel's slimbus core module caused a reference leak when the driver processed report\u2011present messages. When a new slimbus device is dynamically allocated, the kernel mistakenly retains an extra reference to the device object if it already exists, preventing the reference counter from dropping to the correct value. This over\u2011counting permits the kernel to keep more device objects alive than intended, which can exhaust kernel resources or cause erratic behavior such as memory pressure, degraded performance, or kernel instability.", "risk_and_exploitability": "The vulnerability is rated with a CVSS score of 5.5, indicating moderate severity. EPSS indicates a very low likelihood of exploitation, and the flaw is not listed in the CISA KEV catalog. Exploitation would require an attacker to be able to trigger report\u2011present messages to a target kernel with a slimbus device; this is likely limited to environments where the attacker can influence the connection of such devices to the kernel, making broad remote exploitation unlikely."}}}}, "created": "2026-04-18T18:30:07.293022+00:00", "updated": "2026-04-18T18:30:07.293032+00:00", "vendors": []}