CVE-2026-23370
Received - Intake
Information Disclosure in Linux dell-wmi-sysman Due to Hex Dump

Publication date: 2026-03-25

Last updated on: 2026-04-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data

set_new_password() hex dumps the entire buffer, which contains plaintext password data, including current and new passwords. Remove the hex dump to avoid leaking credentials.
Meta Information
Published: 2026-03-25
Last Modified: 2026-04-24
Generated: 2026-06-16
AI Q&A: 2026-03-25
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 14 associated CPEs
Vendor Product Version / Range
linux linux_kernel 5.11
linux linux_kernel From 6.19 (inc) to 6.19.7 (exc)
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.13 (inc) to 6.18.17 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.130 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.77 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.167 (exc)
linux linux_kernel From 5.11.1 (inc) to 5.15.203 (exc)
CWE ID Description
CWE-UNKNOWN
Compliance Impact

This vulnerability involves the hex dumping of plaintext password data, which could lead to credential leakage.

Leaking plaintext passwords may result in unauthorized access to sensitive information, potentially violating data protection regulations such as GDPR and HIPAA that require safeguarding personal and sensitive data.

By removing the hex dump of plaintext passwords, the vulnerability fix helps prevent credential leakage, thereby supporting compliance with these standards.

Executive Summary

This vulnerability exists in the Linux kernel component platform/x86: dell-wmi-sysman. The function set_new_password() was hex dumping the entire buffer that contains plaintext password data, including both the current and new passwords. This hex dump could lead to the exposure of sensitive password information.

The vulnerability was resolved by removing the hex dump of the plaintext password data to prevent leaking credentials.

Impact Analysis

This vulnerability can lead to the leakage of plaintext passwords, including current and new passwords, through the hex dump output. If exploited, an attacker or unauthorized user could gain access to sensitive credential information, potentially compromising system security and user accounts.

Mitigation Strategies

The vulnerability involves the Linux kernel component platform/x86: dell-wmi-sysman, where plaintext password data is hex dumped, potentially leaking credentials.

To mitigate this vulnerability, update your Linux kernel to a version where this issue has been resolved, as the fix involves removing the hex dump of plaintext password data in the set_new_password() function.
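To decide whether a host needs the update, the check below compares a kernel release string against the version ranges listed in the table on this page and reports whether the driver is loaded. It is an added example, not code from the kernel project or this database. It assumes the module appears as dell_wmi_sysman in /proc/modules and that the release string reflects the upstream version; distribution kernels may carry the fix under an older version number.

```python
import os
import platform
import re

# Ranges transcribed from this page's table: (first affected, first fixed).
AFFECTED_RANGES = [
    ((5, 11, 1), (5, 15, 203)),
    ((5, 16, 0), (6, 1, 167)),
    ((6, 2, 0), (6, 6, 130)),
    ((6, 7, 0), (6, 12, 77)),
    ((6, 13, 0), (6, 18, 17)),
    ((6, 19, 0), (6, 19, 7)),
]
# Single-version rows; the page shows 7.0 without any qualifier.
AFFECTED_EXACT = {(5, 11, 0), (7, 0, 0)}


def parse_release(release):
    """Turn a `uname -r` string such as '6.6.129-generic' into (6, 6, 129)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(part) if part else 0 for part in m.groups())


def is_listed_affected(release):
    """True if the upstream version falls in a range listed on this page."""
    version = parse_release(release)
    if version in AFFECTED_EXACT:
        return True
    return any(lo <= version < hi for lo, hi in AFFECTED_RANGES)


def module_loaded(proc_modules_text, name="dell_wmi_sysman"):
    """True if the driver appears in /proc/modules content (misses built-ins)."""
    rows = (line.split() for line in proc_modules_text.splitlines())
    return any(row and row[0] == name for row in rows)


if __name__ == "__main__":
    release = platform.release()
    modules = ""
    if os.path.exists("/proc/modules"):
        with open("/proc/modules") as fh:
            modules = fh.read()
    print(f"kernel {release}: listed affected = {is_listed_affected(release)}, "
          f"dell_wmi_sysman loaded = {module_loaded(modules)}")
```

A host that is both in a listed range and has the driver loaded is the one to prioritise for the kernel update.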
