CVE Catalog

CVE-2026-23370

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile - higher than 2% of all known CVEs

Summary

In the Linux kernel, the dell-wmi-sysman driver's set_new_password() function hex dumped the entire buffer containing plaintext passwords. The hex dump has been removed to prevent credential leakage.

Risk Assessment

The organization is at risk of plaintext password exposure, potentially leading to unauthorized access to Dell systems managed via WMI.

Recommendation

Immediately update the Linux kernel to a version that includes the fix removing the hex dump of passwords in the dell-wmi-sysman driver.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data set_new_password() hex dumps the entire buffer, which contains plaintext password data, including current and new passwords. Remove the hex dump to avoid leaking credentials.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS