CVE-2026-23335

MEDIUM

RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() struct irdma_create_ah_resp { // 8 bytes, no padding __u32 ah_id; // offset 0 - SET (uresp.ah_id = ah->sc_ah.ah_info.ah_idx) __u8 rsvd[4]; // offset 4 - NEVER SET <- LEAK }; rsvd[4]: 4 bytes of stack memory leaked unconditionally. Only ah_id is assigned before ib_respond_udata(). The reserved members of the structure were not zeroed.

References (7)

https://git.kernel.org/stable/c/14b47c07c69930254f549a17ee245c80a65b1609

https://git.kernel.org/stable/c/1b1fac4c7a3ab7f52e9cfb91e5c91216646ca4d8

https://git.kernel.org/stable/c/2fd37450d271d74b3847baed284f9cfdf198c6f8

https://git.kernel.org/stable/c/cfe962216c164fe2b1c1fb6ac925a7413f5abc84

https://git.kernel.org/stable/c/c9bd0007c4bdb7806bbd323287e50f9cf467c51a

https://git.kernel.org/stable/c/74586c6da9ea222a61c98394f2fc0a604748438c

https://git.kernel.org/stable/c/1f70df004fdd944653013ccc2e1dfd472a693b46

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 3.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-401

Status published

Products (25)

linux/Kernel 5.14.0 - 6.1.167linux

linux/Kernel 6.13.0 - 6.18.17linux

linux/Kernel 6.19.0 - 6.19.7linux

linux/Kernel 6.2.0 - 6.6.130linux

linux/Kernel 6.7.0 - 6.12.77linux

Linux/Linux < 5.14

Linux/Linux 5.14

Linux/Linux 5.15.203 - 5.15.*

Linux/Linux 6.1.167 - 6.1.*

Linux/Linux 6.12.77 - 6.12.*

... and 15 more

Published Mar 25, 2026

Tracked Since Mar 25, 2026