CVE-2026-23335
Received Received - Intake

Kernel Stack Memory Leak in Linux RDMA irdma Component

Vulnerability report for CVE-2026-23335, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-25

Last updated on: 2026-04-23

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() struct irdma_create_ah_resp { // 8 bytes, no padding __u32 ah_id; // offset 0 - SET (uresp.ah_id = ah->sc_ah.ah_info.ah_idx) __u8 rsvd[4]; // offset 4 - NEVER SET <- LEAK }; rsvd[4]: 4 bytes of stack memory leaked unconditionally. Only ah_id is assigned before ib_respond_udata(). The reserved members of the structure were not zeroed.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-25
Last Modified
2026-04-23
Generated
2026-07-06
AI Q&A
2026-03-25
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 14 associated CPEs
Vendor Product Version / Range
linux linux_kernel 5.14
linux linux_kernel From 6.19 (inc) to 6.19.7 (exc)
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.13 (inc) to 6.18.17 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.130 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.77 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.167 (exc)
linux linux_kernel From 5.14.1 (inc) to 5.15.203 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's RDMA/irdma component, specifically in the function irdma_create_user_ah().

The issue is a kernel stack memory leak caused by a structure named irdma_create_ah_resp, which contains a reserved 4-byte array that is never set or zeroed before being used.

As a result, 4 bytes of potentially sensitive stack memory are leaked unconditionally when the function executes, because only the ah_id field is assigned before the response is sent.

Impact Analysis

This vulnerability can lead to unintended leakage of kernel stack memory contents.

Such leaks may expose sensitive information residing in the kernel stack, which could be exploited by attackers to gain insights into kernel memory layout or data.

While the leak is small (4 bytes), it still represents a potential information disclosure risk.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23335. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart