CVE-2026-23131
Kobject Registration Warning in Linux hp-bioscfg Driver
Publication date: 2026-02-14
Last updated on: 2026-03-17
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | From 6.7 (inc) to 6.12.68 (exc) |
| linux | linux_kernel | From 6.13 (inc) to 6.18.8 (exc) |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | From 6.6 (inc) to 6.6.122 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's hp-bioscfg driver, which attempts to register kernel objects (kobjects) with empty names when the HP BIOS returns attributes that have empty name strings.
Registering kobjects with empty names causes multiple kernel warnings and errors, such as "attempted to be registered with empty name!" and CPU warnings in the kernel code.
The fix involves adding validation to check if the attribute name is empty after parsing it from the WMI buffer. If the name is empty, the driver logs a debug message and skips registering that attribute, allowing the module to continue processing other valid attributes without causing warnings.
How can this vulnerability impact me? :
This vulnerability primarily causes kernel warnings due to attempts to register kobjects with empty names.
While it does not indicate a direct security breach or exploit, these warnings can clutter system logs and potentially affect system stability or debugging processes.
The fix prevents these warnings by skipping invalid attributes, improving system reliability and maintainability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring kernel logs for specific warning messages related to the hp-bioscfg driver attempting to register kobjects with empty names.
- Check the kernel log for warnings such as: "kobject: (address): attempted to be registered with empty name!"
- Look for CPU warnings referencing lib/kobject.c at kobject_add_internal.
- Use commands like `dmesg | grep -i 'kobject'` or `journalctl -k | grep -i 'kobject'` to find relevant warnings.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version where the hp-bioscfg driver includes validation to skip registration of attributes with empty names.
This fix prevents kernel warnings by adding checks in hp_init_bios_buffer_attribute() to avoid registering empty-named kobjects.
Until the update is applied, monitor kernel logs for the warnings and consider disabling the hp-bioscfg driver if it is not required.