CVE-2026-23384

Severity: MEDIUM (5.5, CVSS 3.1) · EPSS 1.7%
Published Mar 25, 2026 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

RDMA/ionic: Fix kernel stack leak in ionic_create_cq()

    struct ionic_cq_resp resp {
        __u32 cqid[2];    // offset 0 - PARTIALLY SET (see below)
        __u8  udma_mask;  // offset 8 - SET (resp.udma_mask = vcq->udma_mask)
        __u8  rsvd[7];    // offset 9 - NEVER SET <- LEAK
    };

rsvd[7]: 7 bytes of stack memory leaked unconditionally.

cqid[2]: The loop at line 1256 iterates over udma_idx but skips indices where !(vcq->udma_mask & BIT(udma_idx)). The array has 2 entries but udma_count could be 1, meaning cqid[1] might never be written via ionic_create_cq_common(). If udma_mask only has bit 0 set, cqid[1] (4 bytes) is also leaked.

So potentially 11 bytes leaked.
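The byte accounting in the description can be reproduced with a small userspace model. This is an added example, not the kernel's code or the upstream patch: the poison byte, the cqid values, and the names fill_resp and stale_bytes are constructed, and zero-initialising the struct is assumed as the remedy because the page does not quote the fix.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define POISON 0xAA /* constructed marker standing in for stale stack contents */

/* Userspace mirror of the response layout quoted in the description. */
struct ionic_cq_resp {
    uint32_t cqid[2];   /* offset 0 */
    uint8_t  udma_mask; /* offset 8 */
    uint8_t  rsvd[7];   /* offset 9 */
};

/* Model of the fill path: only indices whose bit is set get a cqid. */
static void fill_resp(struct ionic_cq_resp *resp, uint8_t udma_mask)
{
    for (int udma_idx = 0; udma_idx < 2; udma_idx++) {
        if (!(udma_mask & (1u << udma_idx)))
            continue; /* cqid[udma_idx] is left untouched */
        resp->cqid[udma_idx] = 0x10u + (uint32_t)udma_idx; /* constructed id */
    }
    resp->udma_mask = udma_mask;
}

/* Returns how many response bytes would still carry stale stack data. */
size_t stale_bytes(uint8_t udma_mask, int zero_init)
{
    unsigned char slot[sizeof(struct ionic_cq_resp)];
    struct ionic_cq_resp resp;
    size_t n = 0;

    memset(slot, POISON, sizeof(slot)); /* pretend the slot held old data */
    if (zero_init)
        memset(slot, 0, sizeof(slot));  /* assumed fix: zero the struct first */
    memcpy(&resp, slot, sizeof(resp));
    fill_resp(&resp, udma_mask);
    memcpy(slot, &resp, sizeof(resp));  /* bytes a copy to user space would send */
    for (size_t i = 0; i < sizeof(slot); i++)
        n += (slot[i] == POISON);
    return n;
}

int main(void)
{
    printf("mask=1: %zu, mask=3: %zu, zeroed: %zu\n",
           stale_bytes(1, 0), stale_bytes(3, 0), stale_bytes(1, 1));
    return 0;
}
```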

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
1.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-401

Affected Products 10

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥6.18.1 – <6.18.17
linux   linux_kernel  *        ≥6.19 – <6.19.7
linux   linux_kernel  6.18     any
linux   linux_kernel  7.0      any
linux   linux_kernel  7.0      any
linux   linux_kernel  7.0      any
linux   linux_kernel  7.0      any
linux   linux_kernel  7.0      any
linux   linux_kernel  7.0      any
linux   linux_kernel  7.0      any

References 3

  • git.kernel.org https://git.kernel.org/stable/c/547d0b07ad73915b323bc21f85c5d3252bebbbcf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a6f3e0fa8e862f220c26c2f27e5ddc42eb82ad3e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/faa72102b178c7ae6c6afea23879e7c84fc59b4e
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/547d0b07ad73915b323bc21f85c5d3252bebbbcf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a6f3e0fa8e862f220c26c2f27e5ddc42eb82ad3e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/faa72102b178c7ae6c6afea23879e7c84fc59b4e
    Patch