Description
In the Linux kernel, the following vulnerability has been resolved:

platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names

The hp-bioscfg driver attempts to register kobjects with empty names when
the HP BIOS returns attributes with empty name strings. This causes
multiple kernel warnings:

kobject: (00000000135fb5e6): attempted to be registered with empty name!
WARNING: CPU: 14 PID: 3336 at lib/kobject.c:219 kobject_add_internal+0x2eb/0x310

Add validation in hp_init_bios_buffer_attribute() to check if the
attribute name is empty after parsing it from the WMI buffer. If empty,
log a debug message and skip registration of that attribute, allowing the
module to continue processing other valid attributes.
Published: 2026-02-14
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Kernel warnings caused by empty kobject names potentially affecting stability
Action: Apply patch
AI Analysis

Impact

The hp-bioscfg driver registers kernel objects using names parsed from HP BIOS attributes. When the BIOS returns an empty string, the driver attempts to create a kobject with an empty name, which triggers kernel warnings and log noise. This is a validation weakness; it does not directly expose data or allow code execution, but it can disturb kernel stability and increase log volume, potentially obscuring real issues.

Affected Systems

All Linux kernels that include the hp_bioscfg driver from version 6.19 release candidate 1 through release candidate 6 are affected. The patch is part of the 6.19 kernel series, so updating to any kernel that incorporates the fix after the release candidate stages mitigates the issue.

Risk and Exploitability

With a CVSS score of 5.5 the vulnerability is moderate. The EPSS score of less than 1% indicates a very low exploitation probability, and the issue is not listed in the CISA KEV catalog. No publicly known exploits exist. The likely vector would involve a system with an HP BIOS that returns empty attribute names, which an attacker might provoke only with local or firmware-level privileges; thus realistic risk is mainly increased log noise and potential kernel performance impact rather than traditional security compromise.

Generated by OpenCVE AI on April 18, 2026 at 12:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a kernel version that includes the hp_bioscfg kobject name validation patch (e.g., kernel 6.19.0 or newer).
  • If an upgrade is not possible, rebuild the kernel or the hp_bioscfg module with the updated changes to skip registration of empty attribute names.
  • Keep HP BIOS firmware updated to eliminate empty attribute names.
  • If the device does not require BIOS configuration, consider disabling the hp_bioscfg driver to avoid the issue.

Generated by OpenCVE AI on April 18, 2026 at 12:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 12:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20

Tue, 17 Mar 2026 21:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Tue, 17 Feb 2026 00:15:00 +0000

Type Values Removed Values Added
References

Sat, 14 Feb 2026 15:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names The hp-bioscfg driver attempts to register kobjects with empty names when the HP BIOS returns attributes with empty name strings. This causes multiple kernel warnings: kobject: (00000000135fb5e6): attempted to be registered with empty name! WARNING: CPU: 14 PID: 3336 at lib/kobject.c:219 kobject_add_internal+0x2eb/0x310 Add validation in hp_init_bios_buffer_attribute() to check if the attribute name is empty after parsing it from the WMI buffer. If empty, log a debug message and skip registration of that attribute, allowing the module to continue processing other valid attributes.
Title platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-02-14T15:09:58.916Z

Reserved: 2026-01-13T15:37:45.971Z

Link: CVE-2026-23131

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-02-14T15:16:08.387

Modified: 2026-03-17T21:17:04.773

Link: CVE-2026-23131

cve-icon Redhat

Severity :

Publid Date: 2026-02-14T00:00:00Z

Links: CVE-2026-23131 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T12:30:45Z

Weaknesses