CVE Catalog

CVE-2026-23335

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile - higher than 2% of all known CVEs

Summary

In the Linux kernel irdma driver, a kernel stack leak was found in irdma_create_user_ah(). The reserved field of the response structure is not zeroed before being sent to userspace, leaking 4 bytes of stack memory.

Risk Assessment

A local user can read sensitive kernel stack data, potentially revealing information about other processes or system configuration, increasing the risk of privilege escalation.

Recommendation

Apply the Linux kernel patch for CVE-2026-23335 immediately, which zeroes the reserved field before responding to userspace.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() struct irdma_create_ah_resp { // 8 bytes, no padding __u32 ah_id; // offset 0 - SET (uresp.ah_id = ah->sc_ah.ah_info.ah_idx) __u8 rsvd[4]; // offset 4 - NEVER SET <- LEAK }; rsvd[4]: 4 bytes of stack memory leaked unconditionally. Only ah_id is assigned before ib_respond_udata(). The reserved members of the structure were not zeroed.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS