CVE-2026-23090

EUVD-2026-5452
In the Linux kernel, the following vulnerability has been resolved:

slimbus: core: fix device reference leak on report present

Slimbus devices can be allocated dynamically upon reception of
report-present messages.

Make sure to drop the reference taken when looking up already registered
devices.

Note that this requires taking an extra reference in case the device has
not yet been registered and has to be allocated.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
4.16 ≤
𝑥
< 5.10.249
linuxlinux_kernel
5.11 ≤
𝑥
< 5.15.199
linuxlinux_kernel
5.16 ≤
𝑥
< 6.1.162
linuxlinux_kernel
6.2 ≤
𝑥
< 6.6.122
linuxlinux_kernel
6.7 ≤
𝑥
< 6.12.68
linuxlinux_kernel
6.13 ≤
𝑥
< 6.18.8
linuxlinux_kernel
6.19:rc1
linuxlinux_kernel
6.19:rc2
linuxlinux_kernel
6.19:rc3
linuxlinux_kernel
6.19:rc4
linuxlinux_kernel
6.19:rc5
linuxlinux_kernel
6.19:rc6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
vulnerable
bookworm (security)
6.1.164-1
fixed
bullseye
vulnerable
bullseye (security)
5.10.251-1
fixed
forky
6.19.10-1
fixed
sid
6.19.11-1
fixed
trixie
6.12.73-1
fixed
trixie (security)
6.12.74-2
fixed
linux-6.1
bullseye (security)
6.1.164-1~deb11u1
fixed
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/02b78bbfbafe49832e508079148cb87cdfa55825
https://git.kernel.org/stable/c/2ddc09f6a0a221b1d91a7cbc8cc2cefdbd334fe6
https://git.kernel.org/stable/c/54de72a7aabc0749938d7a2833a0c1a5d3ed7ac9
https://git.kernel.org/stable/c/6602bb4d1338e92b5838e50322b87697bdbd2ee0
https://git.kernel.org/stable/c/9391380eb91ea5ac792aae9273535c8da5b9aa01
https://git.kernel.org/stable/c/948615429c9f2ac9d25d4e1f1a4472926b217a9a
https://git.kernel.org/stable/c/b1217e40705b2f6d311c197b12866752656217ff