CVE-2026-23131
Unknown Unknown - Not Provided
Kobject Registration Warning in Linux hp-bioscfg Driver

Publication date: 2026-02-14

Last updated on: 2026-03-17

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names The hp-bioscfg driver attempts to register kobjects with empty names when the HP BIOS returns attributes with empty name strings. This causes multiple kernel warnings: kobject: (00000000135fb5e6): attempted to be registered with empty name! WARNING: CPU: 14 PID: 3336 at lib/kobject.c:219 kobject_add_internal+0x2eb/0x310 Add validation in hp_init_bios_buffer_attribute() to check if the attribute name is empty after parsing it from the WMI buffer. If empty, log a debug message and skip registration of that attribute, allowing the module to continue processing other valid attributes.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-14
Last Modified
2026-03-17
Generated
2026-06-18
AI Q&A
2026-02-14
EPSS Evaluated
2026-06-17
NVD
CVE-2026-23131
EUVD
EUVD-2026-5906
Affected Vendors & Products
Showing 9 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel From 6.7 (inc) to 6.12.68 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.8 (exc)
linux linux_kernel 6.19
linux linux_kernel From 6.6 (inc) to 6.6.122 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in the Linux kernel's hp-bioscfg driver, which attempts to register kernel objects (kobjects) with empty names when the HP BIOS returns attributes that have empty name strings.

Registering kobjects with empty names causes multiple kernel warnings and errors, such as "attempted to be registered with empty name!" and CPU warnings in the kernel code.

The fix involves adding validation to check if the attribute name is empty after parsing it from the WMI buffer. If the name is empty, the driver logs a debug message and skips registering that attribute, allowing the module to continue processing other valid attributes without causing warnings.

Impact Analysis

This vulnerability primarily causes kernel warnings due to attempts to register kobjects with empty names.

While it does not indicate a direct security breach or exploit, these warnings can clutter system logs and potentially affect system stability or debugging processes.

The fix prevents these warnings by skipping invalid attributes, improving system reliability and maintainability.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by monitoring kernel logs for specific warning messages related to the hp-bioscfg driver attempting to register kobjects with empty names.

  • Check the kernel log for warnings such as: "kobject: (address): attempted to be registered with empty name!"
  • Look for CPU warnings referencing lib/kobject.c at kobject_add_internal.
  • Use commands like `dmesg | grep -i 'kobject'` or `journalctl -k | grep -i 'kobject'` to find relevant warnings.
Mitigation Strategies

To mitigate this vulnerability, update the Linux kernel to a version where the hp-bioscfg driver includes validation to skip registration of attributes with empty names.

This fix prevents kernel warnings by adding checks in hp_init_bios_buffer_attribute() to avoid registering empty-named kobjects.

Until the update is applied, monitor kernel logs for the warnings and consider disabling the hp-bioscfg driver if it is not required.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23131. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart