CVE-2026-23384
Received Received - Intake
Kernel Stack Memory Leak in Linux RDMA ionic_create_cq

Publication date: 2026-03-25

Last updated on: 2026-04-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: RDMA/ionic: Fix kernel stack leak in ionic_create_cq() struct ionic_cq_resp resp { __u32 cqid[2]; // offset 0 - PARTIALLY SET (see below) __u8 udma_mask; // offset 8 - SET (resp.udma_mask = vcq->udma_mask) __u8 rsvd[7]; // offset 9 - NEVER SET <- LEAK }; rsvd[7]: 7 bytes of stack memory leaked unconditionally. cqid[2]: The loop at line 1256 iterates over udma_idx but skips indices where !(vcq->udma_mask & BIT(udma_idx)). The array has 2 entries but udma_count could be 1, meaning cqid[1] might never be written via ionic_create_cq_common(). If udma_mask only has bit 0 set, cqid[1] (4 bytes) is also leaked. So potentially 11 bytes leaked.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-25
Last Modified
2026-04-24
Generated
2026-06-16
AI Q&A
2026-03-25
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23384
EUVD
EUVD-2026-15381
Affected Vendors & Products
Showing 10 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.18
linux linux_kernel From 6.18.1 (inc) to 6.18.17 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.7 (exc)
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's RDMA/ionic component, specifically in the ionic_create_cq() function. It causes a kernel stack memory leak where 7 bytes of reserved stack memory (rsvd[7]) are leaked unconditionally. Additionally, due to the way the cqid array is handled, up to 4 more bytes may be leaked if certain conditions on the udma_mask are met, potentially leaking a total of 11 bytes of kernel stack memory.

Impact Analysis

The vulnerability results in a small amount of kernel stack memory being leaked. While the exact impact is not detailed, leaking kernel stack memory can potentially expose sensitive information or internal kernel data, which could be leveraged by an attacker to gain further insights or escalate privileges.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23384. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart