CVE-2026-23370

MEDIUM

platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data set_new_password() hex dumps the entire buffer, which contains plaintext password data, including current and new passwords. Remove the hex dump to avoid leaking credentials.

Scores

CVSS v3 5.5
EPSS 0.0013
EPSS Percentile 2.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

Status published
Products (27)
linux/Kernel 5.11.0 - 5.15.203linux
linux/Kernel 5.11.0 - 6.1.167linux
linux/Kernel 5.16.0 - 6.1.167linux
linux/Kernel 6.13.0 - 6.18.17linux
linux/Kernel 6.19.0 - 6.19.7linux
linux/Kernel 6.2.0 - 6.6.130linux
linux/Kernel 6.7.0 - 6.12.77linux
Linux/Linux < 5.11
Linux/Linux 5.11
Linux/Linux 5.15.203 - 5.15.*
... and 17 more
Published Mar 25, 2026
Tracked Since Mar 25, 2026