CVE-2026-23384
Kernel Stack Memory Leak in Linux RDMA ionic_create_cq
Publication date: 2026-03-25
Last updated on: 2026-04-24
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.18 |
| linux | linux_kernel | From 6.18.1 (inc) to 6.18.17 (exc) |
| linux | linux_kernel | From 6.19 (inc) to 6.19.7 (exc) |
| linux | linux_kernel | 7.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-401 | The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's RDMA/ionic component, specifically in the ionic_create_cq() function. It causes a kernel stack memory leak where 7 bytes of reserved stack memory (rsvd[7]) are leaked unconditionally. Additionally, due to the way the cqid array is handled, up to 4 more bytes may be leaked if certain conditions on the udma_mask are met, potentially leaking a total of 11 bytes of kernel stack memory.
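The byte counts in the answer above, reproduced in a userspace model (an added example, not code from the kernel or from this page). The struct layout, the function names, the queue id values and the 0xAA marker are assumptions made for illustration; zeroing the object first is the usual remedy for this bug class, and the page does not show the actual patch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xAA /* constructed marker standing in for old stack contents */

/* Assumed layout built from the fields the page names; not kernel source. */
struct cq_resp {
    uint32_t cqid[2];
    uint8_t  udma_mask;
    uint8_t  rsvd[7];
};

/* Assign only what the creation path sets: one cqid per set mask bit. */
static void fill_fields(struct cq_resp *r, uint8_t udma_mask)
{
    r->udma_mask = udma_mask;
    for (int i = 0; i < 2; i++)
        if (udma_mask & (1u << i))
            r->cqid[i] = 0x10u + (uint32_t)i; /* constructed queue id */
}

/* Build the response, then count bytes still holding stale contents.
 * zero_first=0 models the uninitialised object, 1 the zeroed one. */
static size_t leaked_bytes(uint8_t udma_mask, int zero_first)
{
    struct cq_resp r;
    const uint8_t *p = (const uint8_t *)&r;
    size_t n = 0;

    memset(&r, zero_first ? 0 : STALE, sizeof(r));
    fill_fields(&r, udma_mask);
    for (size_t i = 0; i < sizeof(r); i++) /* what a full-struct copy exposes */
        n += (p[i] == STALE);
    return n;
}

int main(void)
{
    for (unsigned m = 1; m <= 3; m++)
        printf("udma_mask=%u unfixed=%zu zeroed=%zu\n", m,
               leaked_bytes((uint8_t)m, 0), leaked_bytes((uint8_t)m, 1));
    return 0;
}
```

With both mask bits set only the 7 reserved bytes stay stale; with a single bit set the unassigned cqid slot adds 4 more, giving the 11-byte total.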
How can this vulnerability impact me?
The vulnerability results in a small amount of kernel stack memory being leaked. While the exact impact is not detailed, leaking kernel stack memory can potentially expose sensitive information or internal kernel data, which could be leveraged by an attacker to gain further insights or escalate privileges.