CVE-2026-23335
Received Received - Intake
Kernel Stack Memory Leak in Linux RDMA irdma Component

Publication date: 2026-03-25

Last updated on: 2026-04-23

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() struct irdma_create_ah_resp { // 8 bytes, no padding __u32 ah_id; // offset 0 - SET (uresp.ah_id = ah->sc_ah.ah_info.ah_idx) __u8 rsvd[4]; // offset 4 - NEVER SET <- LEAK }; rsvd[4]: 4 bytes of stack memory leaked unconditionally. Only ah_id is assigned before ib_respond_udata(). The reserved members of the structure were not zeroed.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-25
Last Modified
2026-04-23
Generated
2026-06-16
AI Q&A
2026-03-25
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23335
EUVD
EUVD-2026-15298
Affected Vendors & Products
Showing 14 associated CPEs
Vendor Product Version / Range
linux linux_kernel 5.14
linux linux_kernel From 6.19 (inc) to 6.19.7 (exc)
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.13 (inc) to 6.18.17 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.130 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.77 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.167 (exc)
linux linux_kernel From 5.14.1 (inc) to 5.15.203 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's RDMA/irdma component, specifically in the function irdma_create_user_ah().

The issue is a kernel stack memory leak caused by a structure named irdma_create_ah_resp, which contains a reserved 4-byte array that is never set or zeroed before being used.

As a result, 4 bytes of potentially sensitive stack memory are leaked unconditionally when the function executes, because only the ah_id field is assigned before the response is sent.

Impact Analysis

This vulnerability can lead to unintended leakage of kernel stack memory contents.

Such leaks may expose sensitive information residing in the kernel stack, which could be exploited by attackers to gain insights into kernel memory layout or data.

While the leak is small (4 bytes), it still represents a potential information disclosure risk.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23335. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart