{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23370", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:46.003Z", "datePublished": "2026-03-25T10:27:51.370Z", "dateUpdated": "2026-05-11T22:05:33.862Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:05:33.862Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: dell-wmi-sysman: Don't hex dump plaintext password data\n\nset_new_password() hex dumps the entire buffer, which contains plaintext\npassword data, including current and new passwords. Remove the hex dump\nto avoid leaking credentials."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/platform/x86/dell/dell-wmi-sysman/passwordattr-interface.c"], "versions": [{"version": "e8a60aa7404bfef37705da5607c97737073ac38d", "lessThan": "9bbb420f202834363e1e25435e49db0a385c2232", "status": "affected", "versionType": "git"}, {"version": "e8a60aa7404bfef37705da5607c97737073ac38d", "lessThan": "d9e785bd62d2ac23cf29a75dcfea8c8087fd3870", "status": "affected", "versionType": "git"}, {"version": "e8a60aa7404bfef37705da5607c97737073ac38d", "lessThan": "411ba3cd837f7825c0e648e155bc505641f95854", "status": "affected", "versionType": "git"}, {"version": "e8a60aa7404bfef37705da5607c97737073ac38d", "lessThan": "0e6115c2f2facaed9593c16ad2e5accd487f5c52", "status": "affected", "versionType": "git"}, {"version": "e8a60aa7404bfef37705da5607c97737073ac38d", "lessThan": "5de34126fb2edf8ab7f25d677b132e92d8bf9ede", "status": "affected", "versionType": "git"}, {"version": "e8a60aa7404bfef37705da5607c97737073ac38d", "lessThan": "d78e74adc5cfff7afd9d03b9da8058a7e435f9bc", "status": "affected", "versionType": "git"}, {"version": "e8a60aa7404bfef37705da5607c97737073ac38d", "lessThan": "d1a196e0a6dcddd03748468a0e9e3100790fc85c", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/platform/x86/dell/dell-wmi-sysman/passwordattr-interface.c"], "versions": [{"version": "5.11", "status": "affected"}, {"version": "0", "lessThan": "5.11", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.203", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.167", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.130", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.77", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "5.15.203"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "6.1.167"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "6.6.130"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "6.12.77"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/9bbb420f202834363e1e25435e49db0a385c2232"}, {"url": "https://git.kernel.org/stable/c/d9e785bd62d2ac23cf29a75dcfea8c8087fd3870"}, {"url": "https://git.kernel.org/stable/c/411ba3cd837f7825c0e648e155bc505641f95854"}, {"url": "https://git.kernel.org/stable/c/0e6115c2f2facaed9593c16ad2e5accd487f5c52"}, {"url": "https://git.kernel.org/stable/c/5de34126fb2edf8ab7f25d677b132e92d8bf9ede"}, {"url": "https://git.kernel.org/stable/c/d78e74adc5cfff7afd9d03b9da8058a7e435f9bc"}, {"url": "https://git.kernel.org/stable/c/d1a196e0a6dcddd03748468a0e9e3100790fc85c"}], "title": "platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B3765FE-A0F5-41FF-8AE3-FFD52A6CE3E0", "versionEndExcluding": "5.15.203", "versionStartIncluding": "5.11.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2EDC6BAF-B710-4E26-B6AA-D68922EE7B43", "versionEndExcluding": "6.1.167", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C57BB918-DF28-46B3-94F7-144176841267", "versionEndExcluding": "6.6.130", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3D12E00-E42D-4056-B354-BAD4903C03A5", "versionEndExcluding": "6.12.77", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5E006E4-59C7-43C1-9231-62A72219F2BA", "versionEndExcluding": "6.18.17", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "69245D10-0B71-485E-80C3-A64F077004D3", "versionEndExcluding": "6.19.7", "versionStartIncluding": "6.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.11:-:*:*:*:*:*:*", "matchCriteriaId": "7AD3510E-E8FA-47F3-9AD5-D8EA4A2719D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F666C8D8-6538-46D4-B318-87610DE64C34", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "02259FDA-961B-47BC-AE7F-93D7EC6E90C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "58A9FEFF-C040-420D-8F0A-BFDAAA1DF258", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "1D2315C0-D46F-4F85-9754-F9E5E11374A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "512EE3A8-A590-4501-9A94-5D4B268D6138", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: dell-wmi-sysman: Don't hex dump plaintext password data\n\nset_new_password() hex dumps the entire buffer, which contains plaintext\npassword data, including current and new passwords. Remove the hex dump\nto avoid leaking credentials."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nplatform/x86: dell-wmi-sysman: No volcar en hexadecimal datos de contrase\u00f1a en texto plano\n\nset_new_password() vuelca en hexadecimal el b\u00fafer completo, que contiene datos de contrase\u00f1a en texto plano, incluyendo contrase\u00f1as actuales y nuevas. Eliminar el volcado en hexadecimal para evitar la fuga de credenciales."}], "id": "CVE-2026-23370", "lastModified": "2026-04-24T16:37:55.187", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-25T11:16:36.527", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0e6115c2f2facaed9593c16ad2e5accd487f5c52"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/411ba3cd837f7825c0e648e155bc505641f95854"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5de34126fb2edf8ab7f25d677b132e92d8bf9ede"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9bbb420f202834363e1e25435e49db0a385c2232"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d1a196e0a6dcddd03748468a0e9e3100790fc85c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d78e74adc5cfff7afd9d03b9da8058a7e435f9bc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d9e785bd62d2ac23cf29a75dcfea8c8087fd3870"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data", "id": "2451225", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451225"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-256", "details": ["A flaw was found in the dell-wmi-sysman component of the Linux kernel. This vulnerability occurs because the set_new_password() function incorrectly hex dumps the entire buffer, which includes sensitive plaintext password data. A local attacker could exploit this to disclose user credentials, leading to unauthorized access."], "mitigation": {"lang": "en:us", "value": "Restrict access to kernel logs (dmesg) via kernel.dmesg_restrict sysctl setting."}, "name": "CVE-2026-23370", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23370\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23370\nhttps://lore.kernel.org/linux-cve-announce/2026032540-CVE-2026-23370-02d2@gregkh/T"], "statement": "This flaw affects Dell systems using the dell-wmi-sysman driver for BIOS password management. The debug hex dump exposes plaintext current and new passwords to kernel logs (dmesg). A local user with access to kernel logs could retrieve BIOS passwords. This is an information disclosure issue rather than code execution.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[e8a60aa7404bfef37705da5607c97737073ac38d,d9e785bd62d2ac23cf29a75dcfea8c8087fd3870)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[e8a60aa7404bfef37705da5607c97737073ac38d,411ba3cd837f7825c0e648e155bc505641f95854)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[e8a60aa7404bfef37705da5607c97737073ac38d,0e6115c2f2facaed9593c16ad2e5accd487f5c52)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[e8a60aa7404bfef37705da5607c97737073ac38d,5de34126fb2edf8ab7f25d677b132e92d8bf9ede)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[e8a60aa7404bfef37705da5607c97737073ac38d,d78e74adc5cfff7afd9d03b9da8058a7e435f9bc)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[e8a60aa7404bfef37705da5607c97737073ac38d,d1a196e0a6dcddd03748468a0e9e3100790fc85c)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "5.11"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,5.11)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.1.167,6.2.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.6.130,6.7.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.12.77,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.18.17,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.19.7,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0-rc3,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-28T17:01:43.073299+00:00", "value": {"mitigation_remediation": ["Update the Linux kernel to a version that removes the hex dump in set_new_password().", "Disable or unload the Dell WMI Sysman driver if not required for system operation.", "Configure system safeguards (e.g., SELinux or AppArmor policies) to restrict Dell WMI Sysman driver usage to privileged users only."], "summary": {"action": "Apply Patch", "impact": "Credential Exposure"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Linux kernel across all platforms where the Dell WMI Sysman driver is compiled. No specific kernel releases are enumerated, so it applies broadly to any install of the affected driver.", "description_and_impact": "In the Linux kernel, a flaw in the Dell WMI Sysman driver causes the set_new_password() routine to hex\u2011dump the entire password buffer, exposing plaintext current and new passwords. This demonstrates an insecure handling of sensitive credential data (CWE\u2011256) that could allow an attacker to retrieve user passwords through the kernel's debug output.", "risk_and_exploitability": "The CVSS score of 5.5 indicates a moderate severity, and the EPSS score of less than 1% suggests the likelihood of exploitation is low. The CVE is not listed in the CISA Known Exploited Vulnerabilities catalog. Exploitation would require local access to the system with sufficient privileges to trigger the set_new_password() routine, likely through a WMI interface on Dell hardware. The attack vector is inferred as local privilege escalation rather than remote exploitation."}}}}, "created": "2026-03-25T21:31:45.847384+00:00", "updated": "2026-04-28T17:15:21.230687+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}