CVE-2026-23370
Information Disclosure in Linux dell-wmi-sysman Due to Hex Dump
Publication date: 2026-03-25
Last updated on: 2026-04-24
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 5.11 |
| linux | linux_kernel | From 6.19 (inc) to 6.19.7 (exc) |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | From 6.13 (inc) to 6.18.17 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.6.130 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.77 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.1.167 (exc) |
| linux | linux_kernel | From 5.11.1 (inc) to 5.15.203 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
The vulnerability involves the Linux kernel component platform/x86: dell-wmi-sysman where plaintext password data is hex dumped, potentially leaking credentials.
To mitigate this vulnerability, update your Linux kernel to a version where this issue has been resolved, as the fix involves removing the hex dump of plaintext password data in the set_new_password() function.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability involves the hex dumping of plaintext password data, which could lead to credential leakage.
Leaking plaintext passwords may result in unauthorized access to sensitive information, potentially violating data protection regulations such as GDPR and HIPAA that require safeguarding personal and sensitive data.
By removing the hex dump of plaintext passwords, the vulnerability fix helps prevent credential leakage, thereby supporting compliance with these standards.
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel component platform/x86: dell-wmi-sysman. The function set_new_password() was hex dumping the entire buffer that contains plaintext password data, including both the current and new passwords. This hex dump could lead to the exposure of sensitive password information.
The vulnerability was resolved by removing the hex dump of the plaintext password data to prevent leaking credentials.
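A userspace model of the logging pattern described above, as an added example (not the driver's code and not taken from the kernel tree): the request layout, the buffer size and the names `pack`, `set_pw_leaky`, `set_pw_fixed` and `log_reveals` are assumptions made for illustration. It shows that a hex dump is only an encoding, so both passwords can be read back from the log line, and that removing the dump leaves nothing to recover.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define REQ_MAX 64

/* Assumed layout for this model: current and new password back to back. */
static size_t pack(char *buf, const char *cur, const char *new_pw)
{
    int n = snprintf(buf, REQ_MAX, "%s%s", cur, new_pw);
    return (n < 0 || n >= REQ_MAX) ? 0 : (size_t)n;
}

/* Before: a debug hex dump of the whole request buffer goes to the log. */
size_t set_pw_leaky(const char *cur, const char *new_pw, char *log, size_t logsz)
{
    char buf[REQ_MAX];
    size_t i, n = pack(buf, cur, new_pw);
    log[0] = '\0';
    for (i = 0; i < n && 2 * i + 3 <= logsz; i++)
        snprintf(log + 2 * i, logsz - 2 * i, "%02x", (unsigned char)buf[i]);
    return n;
}

/* After: the dump is removed, so no buffer bytes reach the log. */
size_t set_pw_fixed(const char *cur, const char *new_pw, char *log)
{
    char buf[REQ_MAX];
    log[0] = '\0';
    return pack(buf, cur, new_pw);
}

/* Audit helper: decode a hex log line, report whether it contains secret. */
int log_reveals(const char *log, const char *secret)
{
    char out[2 * REQ_MAX];
    size_t n = 0;
    unsigned int b;
    while (n + 1 < sizeof(out) && isxdigit((unsigned char)log[2 * n]) &&
           isxdigit((unsigned char)log[2 * n + 1]) &&
           sscanf(log + 2 * n, "%2x", &b) == 1)
        out[n++] = (char)b;
    out[n] = '\0';
    return secret[0] != '\0' && strstr(out, secret) != NULL;
}
```

Called with constructed sample passwords, `set_pw_leaky` fills the log with the hex of both strings and `log_reveals` finds each of them, while `set_pw_fixed` leaves the log empty.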
How can this vulnerability impact me?
This vulnerability can lead to the leakage of plaintext passwords, including current and new passwords, through the hex dump output. If exploited, an attacker or unauthorized user could gain access to sensitive credential information, potentially compromising system security and user accounts.