CVE-2026-23370
Description
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data
set_new_password() hex dumps the entire buffer, which contains plaintext password data, including current and new passwords. Remove the hex dump to avoid leaking credentials.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Plaintext password leak in Linux kernel dell-wmi-sysman driver via hex dump in set_new_password().
Vulnerability
The Linux kernel's dell-wmi-sysman driver contains a vulnerability in the set_new_password() function, which performs a hex dump of the entire input buffer. This buffer includes plaintext password data, specifically the current and new passwords [1].
Exploitation
The hex dump output is typically written to the kernel log (e.g., via printk), making it accessible to any local user with permission to read kernel logs. If the logs are world-readable, no special privileges beyond local access may be required.
Impact
An attacker with local access to kernel logs can retrieve plaintext passwords for the Dell WMI sysman interface, leading to credential exposure.
Mitigation
The fix removes the offending hex dump call. The patch has been applied to multiple stable kernel trees [1][2][3][4]. Users should update to the latest stable kernels to protect against this information leak.
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* range: >=5.11.1,<5.15.203
- cpe:2.3:o:linux:linux_kernel:5.11:-:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
- (no CPE)
References
- git.kernel.org/stable/c/0e6115c2f2facaed9593c16ad2e5accd487f5c52 (nvd, Patch)
- git.kernel.org/stable/c/411ba3cd837f7825c0e648e155bc505641f95854 (nvd, Patch)
- git.kernel.org/stable/c/5de34126fb2edf8ab7f25d677b132e92d8bf9ede (nvd, Patch)
- git.kernel.org/stable/c/9bbb420f202834363e1e25435e49db0a385c2232 (nvd, Patch)
- git.kernel.org/stable/c/d1a196e0a6dcddd03748468a0e9e3100790fc85c (nvd, Patch)
- git.kernel.org/stable/c/d78e74adc5cfff7afd9d03b9da8058a7e435f9bc (nvd, Patch)
- git.kernel.org/stable/c/d9e785bd62d2ac23cf29a75dcfea8c8087fd3870 (nvd, Patch)