{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23370", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:46.003Z", "datePublished": "2026-03-25T10:27:51.370Z", "dateUpdated": "2026-03-25T10:27:51.370Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-03-25T10:27:51.370Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: dell-wmi-sysman: Don't hex dump plaintext password data\n\nset_new_password() hex dumps the entire buffer, which contains plaintext\npassword data, including current and new passwords. Remove the hex dump\nto avoid leaking credentials."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/platform/x86/dell/dell-wmi-sysman/passwordattr-interface.c"], "versions": [{"version": "e8a60aa7404bfef37705da5607c97737073ac38d", "lessThan": "d9e785bd62d2ac23cf29a75dcfea8c8087fd3870", "status": "affected", "versionType": "git"}, {"version": "e8a60aa7404bfef37705da5607c97737073ac38d", "lessThan": "411ba3cd837f7825c0e648e155bc505641f95854", "status": "affected", "versionType": "git"}, {"version": "e8a60aa7404bfef37705da5607c97737073ac38d", "lessThan": "0e6115c2f2facaed9593c16ad2e5accd487f5c52", "status": "affected", "versionType": "git"}, {"version": "e8a60aa7404bfef37705da5607c97737073ac38d", "lessThan": "5de34126fb2edf8ab7f25d677b132e92d8bf9ede", "status": "affected", "versionType": "git"}, {"version": "e8a60aa7404bfef37705da5607c97737073ac38d", "lessThan": "d78e74adc5cfff7afd9d03b9da8058a7e435f9bc", "status": "affected", "versionType": "git"}, {"version": "e8a60aa7404bfef37705da5607c97737073ac38d", "lessThan": "d1a196e0a6dcddd03748468a0e9e3100790fc85c", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/platform/x86/dell/dell-wmi-sysman/passwordattr-interface.c"], "versions": [{"version": "5.11", "status": "affected"}, {"version": "0", "lessThan": "5.11", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.167", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.130", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.77", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "6.1.167"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "6.6.130"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "6.12.77"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "7.0-rc3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/d9e785bd62d2ac23cf29a75dcfea8c8087fd3870"}, {"url": "https://git.kernel.org/stable/c/411ba3cd837f7825c0e648e155bc505641f95854"}, {"url": "https://git.kernel.org/stable/c/0e6115c2f2facaed9593c16ad2e5accd487f5c52"}, {"url": "https://git.kernel.org/stable/c/5de34126fb2edf8ab7f25d677b132e92d8bf9ede"}, {"url": "https://git.kernel.org/stable/c/d78e74adc5cfff7afd9d03b9da8058a7e435f9bc"}, {"url": "https://git.kernel.org/stable/c/d1a196e0a6dcddd03748468a0e9e3100790fc85c"}], "title": "platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: dell-wmi-sysman: Don't hex dump plaintext password data\n\nset_new_password() hex dumps the entire buffer, which contains plaintext\npassword data, including current and new passwords. Remove the hex dump\nto avoid leaking credentials."}], "id": "CVE-2026-23370", "lastModified": "2026-03-25T15:41:33.977", "metrics": {}, "published": "2026-03-25T11:16:36.527", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0e6115c2f2facaed9593c16ad2e5accd487f5c52"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/411ba3cd837f7825c0e648e155bc505641f95854"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5de34126fb2edf8ab7f25d677b132e92d8bf9ede"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d1a196e0a6dcddd03748468a0e9e3100790fc85c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d78e74adc5cfff7afd9d03b9da8058a7e435f9bc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d9e785bd62d2ac23cf29a75dcfea8c8087fd3870"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data", "id": "2451225", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451225"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-256", "details": ["A flaw was found in the dell-wmi-sysman component of the Linux kernel. This vulnerability occurs because the set_new_password() function incorrectly hex dumps the entire buffer, which includes sensitive plaintext password data. A local attacker could exploit this to disclose user credentials, leading to unauthorized access."], "mitigation": {"lang": "en:us", "value": "Restrict access to kernel logs (dmesg) via kernel.dmesg_restrict sysctl setting."}, "name": "CVE-2026-23370", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23370\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23370\nhttps://lore.kernel.org/linux-cve-announce/2026032540-CVE-2026-23370-02d2@gregkh/T"], "statement": "This flaw affects Dell systems using the dell-wmi-sysman driver for BIOS password management. The debug hex dump exposes plaintext current and new passwords to kernel logs (dmesg). A local user with access to kernel logs could retrieve BIOS passwords. This is an information disclosure issue rather than code execution.", "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-03-25T11:56:57.467967+00:00", "value": {"mitigation_remediation": ["Update the Linux kernel to a version that contains the patch removing the hex dump from set_new_password()", "If an immediate kernel upgrade is not feasible, restrict access to the Dell WMI Sysman interface to trusted administrators and disable the interface for unneeded systems", "Monitor kernel logs for any unexpected password dumps and audit for evidence of credential exposure"], "summary": {"action": "Patch Immediately", "impact": "Information exposure through plaintext password dumps"}, "threat_synthesis": {"affected_systems": "All Linux kernel implementations that include the Dell WMI Sysman driver on x86 hardware are affected, regardless of distribution. The specific vendor and product impact is the generic Linux kernel, with versions prior to the applied patch in the commit history linked in the references. No particular release numbering is supplied, so any kernel containing the vulnerable driver must be considered at risk.", "description_and_impact": "The vulnerability resides in the Dell WMI Sysman driver in the Linux kernel for x86 processors. The function set_new_password() previously performed a hex dump of the entire password buffer, which contained both the current and new passwords in cleartext. This exposed sensitive credential data to any observer of the kernel traces or logs that captured the hex dump, enabling credential theft. The flaw is a classic information disclosure weakness, matching CWE\u2011200: Exposure of Sensitive Information to an Unauthorized Actor.", "risk_and_exploitability": "The CVSS score and EPSS likelihood are not published for this issue, and it does not appear in the CISA KEV catalog. Attackers would need to be able to trigger a password change via the Dell WMI Sysman interface; this is likely a local or privilege\u2011elevated scenario rather than a remote one. If an attacker can observe kernel logs or capture debugging output, they can recover the plaintext passwords and subsequently use them against services or other systems. Once the patch removes the hex dump, the vulnerability is neutralized."}}}}, "created": "2026-03-25T21:31:45.847384+00:00", "updated": "2026-03-25T21:31:45.847412+00:00", "vendors": [], "weaknesses": ["CWE-200"]}