VDB

CVE-2026-23370

CVE-2026-23370 PUBLISHED CVSS 5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data set_new_password() hex dumps the entire buffer, which contains plaintext password data, including current and new passwords. Remove the hex dump to avoid leaking credentials.

EPSS 0.02% · 4.7th percentile

Risk Scores

CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.02%
4.7th percentile

Affected Products

VendorProductVersions
linuxlinux_kernel5.11, 5.11, 5.11
LinuxLinuxe8a60aa7404bfef37705da5607c97737073ac38d, e8a60aa7404bfef37705da5607c97737073ac38d, e8a60aa7404bfef37705da5607c97737073ac38d

Timeline

  • Mar 25, 2026 EPSS Score
  • Mar 25, 2026 Coalition ESS Score
  • Mar 25, 2026 CVE Published
  • Mar 29, 2026 Security Advisory
  • Mar 29, 2026 PoC Published
  • Mar 31, 2026 Security Advisory
  • Mar 31, 2026 Security Advisory
  • Mar 31, 2026 Security Advisory
  • Mar 31, 2026 Security Advisory
  • Mar 31, 2026 Security Advisory
  • Mar 31, 2026 Security Advisory
  • Mar 31, 2026 Security Advisory

References

…and 132 more

Open in Interactive Console →
$ Console Community · 100/wk Open console ›