{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23370", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:46.003Z", "datePublished": "2026-03-25T10:27:51.370Z", "dateUpdated": "2026-03-25T10:27:51.370Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-03-25T10:27:51.370Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: dell-wmi-sysman: Don't hex dump plaintext password data\n\nset_new_password() hex dumps the entire buffer, which contains plaintext\npassword data, including current and new passwords. Remove the hex dump\nto avoid leaking credentials."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/platform/x86/dell/dell-wmi-sysman/passwordattr-interface.c"], "versions": [{"version": "e8a60aa7404bfef37705da5607c97737073ac38d", "lessThan": "d9e785bd62d2ac23cf29a75dcfea8c8087fd3870", "status": "affected", "versionType": "git"}, {"version": "e8a60aa7404bfef37705da5607c97737073ac38d", "lessThan": "411ba3cd837f7825c0e648e155bc505641f95854", "status": "affected", "versionType": "git"}, {"version": "e8a60aa7404bfef37705da5607c97737073ac38d", "lessThan": "0e6115c2f2facaed9593c16ad2e5accd487f5c52", "status": "affected", "versionType": "git"}, {"version": "e8a60aa7404bfef37705da5607c97737073ac38d", "lessThan": "5de34126fb2edf8ab7f25d677b132e92d8bf9ede", "status": "affected", "versionType": "git"}, {"version": "e8a60aa7404bfef37705da5607c97737073ac38d", "lessThan": "d78e74adc5cfff7afd9d03b9da8058a7e435f9bc", "status": "affected", "versionType": "git"}, {"version": "e8a60aa7404bfef37705da5607c97737073ac38d", "lessThan": "d1a196e0a6dcddd03748468a0e9e3100790fc85c", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/platform/x86/dell/dell-wmi-sysman/passwordattr-interface.c"], "versions": [{"version": "5.11", "status": "affected"}, {"version": "0", "lessThan": "5.11", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.167", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.130", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.77", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "6.1.167"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "6.6.130"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "6.12.77"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "7.0-rc3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/d9e785bd62d2ac23cf29a75dcfea8c8087fd3870"}, {"url": "https://git.kernel.org/stable/c/411ba3cd837f7825c0e648e155bc505641f95854"}, {"url": "https://git.kernel.org/stable/c/0e6115c2f2facaed9593c16ad2e5accd487f5c52"}, {"url": "https://git.kernel.org/stable/c/5de34126fb2edf8ab7f25d677b132e92d8bf9ede"}, {"url": "https://git.kernel.org/stable/c/d78e74adc5cfff7afd9d03b9da8058a7e435f9bc"}, {"url": "https://git.kernel.org/stable/c/d1a196e0a6dcddd03748468a0e9e3100790fc85c"}], "title": "platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: dell-wmi-sysman: Don't hex dump plaintext password data\n\nset_new_password() hex dumps the entire buffer, which contains plaintext\npassword data, including current and new passwords. Remove the hex dump\nto avoid leaking credentials."}], "id": "CVE-2026-23370", "lastModified": "2026-03-25T15:41:33.977", "metrics": {}, "published": "2026-03-25T11:16:36.527", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0e6115c2f2facaed9593c16ad2e5accd487f5c52"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/411ba3cd837f7825c0e648e155bc505641f95854"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5de34126fb2edf8ab7f25d677b132e92d8bf9ede"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d1a196e0a6dcddd03748468a0e9e3100790fc85c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d78e74adc5cfff7afd9d03b9da8058a7e435f9bc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d9e785bd62d2ac23cf29a75dcfea8c8087fd3870"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data", "id": "2451225", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451225"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-256", "details": ["A flaw was found in the dell-wmi-sysman component of the Linux kernel. This vulnerability occurs because the set_new_password() function incorrectly hex dumps the entire buffer, which includes sensitive plaintext password data. A local attacker could exploit this to disclose user credentials, leading to unauthorized access."], "mitigation": {"lang": "en:us", "value": "Restrict access to kernel logs (dmesg) via kernel.dmesg_restrict sysctl setting."}, "name": "CVE-2026-23370", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23370\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23370\nhttps://lore.kernel.org/linux-cve-announce/2026032540-CVE-2026-23370-02d2@gregkh/T"], "statement": "This flaw affects Dell systems using the dell-wmi-sysman driver for BIOS password management. The debug hex dump exposes plaintext current and new passwords to kernel logs (dmesg). A local user with access to kernel logs could retrieve BIOS passwords. This is an information disclosure issue rather than code execution.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[e8a60aa7404bfef37705da5607c97737073ac38d,d9e785bd62d2ac23cf29a75dcfea8c8087fd3870)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[e8a60aa7404bfef37705da5607c97737073ac38d,411ba3cd837f7825c0e648e155bc505641f95854)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[e8a60aa7404bfef37705da5607c97737073ac38d,0e6115c2f2facaed9593c16ad2e5accd487f5c52)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[e8a60aa7404bfef37705da5607c97737073ac38d,5de34126fb2edf8ab7f25d677b132e92d8bf9ede)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[e8a60aa7404bfef37705da5607c97737073ac38d,d78e74adc5cfff7afd9d03b9da8058a7e435f9bc)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[e8a60aa7404bfef37705da5607c97737073ac38d,d1a196e0a6dcddd03748468a0e9e3100790fc85c)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "5.11"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,5.11)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.1.167,6.2.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.6.130,6.7.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.12.77,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.18.17,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.19.7,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0-rc3,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-03-26T04:28:45.541218+00:00", "value": {"mitigation_remediation": ["Determine the current kernel release and confirm whether the Dell WMI sysman hex dump removal has been applied by checking the kernel changelog or relevant commit logs.", "If the kernel is still vulnerable, upgrade to a kernel version that incorporates the fix, or manually apply the patch from the provided commit references.", "Reboot the system to load the patched kernel and verify that no hex dump of plaintext passwords occurs during password change activity."], "summary": {"action": "Patch", "impact": "Credential Disclosure"}, "threat_synthesis": {"affected_systems": "All Linux kernel releases that include the Dell WMI sysman driver for x86 hardware are potentially affected. The vendor claims no specific distribution or kernel version is isolated; the issue exists as long as the unpatched implementation of set_new_password() is present in the kernel image.", "description_and_impact": "The flaw is in the Dell WMI sysman driver for x86 Linux kernels, where the set_new_password() routine hex dumps the full password buffer. That buffer contains both the current and new plaintext passwords, which means that any entity able to read the generated dump can obtain user credentials. The vulnerability has been fixed by removing the hex dump, preventing the credentials from being exposed in the kernel logs or other debug output.", "risk_and_exploitability": "The CVSS score of 4.4 places the vulnerability in the low\u2011severity range, and the EPSS estimate of less than 1\u202f% indicates a very low probability of exploitation in the wild. It is not recorded in the CISA KEV catalog. The likely attack path would involve an adversary with local privileged access who can trigger the password change operation and then read the kernel dump or logs. Because the flaw requires privileged interaction with the kernel and reading of debug output, the practical barrier to exploitation is high; however, for environments where credential privacy is critical, the risk remains noteworthy."}}}}, "created": "2026-03-25T21:31:45.847384+00:00", "updated": "2026-03-26T12:15:48.680147+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}