CVE-2026-23370
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
In the Linux kernel, the dell-wmi-sysman driver's set_new_password() function hex dumped the entire buffer containing plaintext passwords. The hex dump has been removed to prevent credential leakage.
Risk Assessment
The organization is at risk of plaintext password exposure, potentially leading to unauthorized access to Dell systems managed via WMI.
Recommendation
Immediately update the Linux kernel to a version that includes the fix removing the hex dump of passwords in the dell-wmi-sysman driver.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data set_new_password() hex dumps the entire buffer, which contains plaintext password data, including current and new passwords. Remove the hex dump to avoid leaking credentials.

