CVE-2026-23370 in Linux Kernel
Summary
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data set_new_password() hex dumps the entire buffer, which contains plaintext password data, including current and new passwords. Remove the hex dump to avoid leaking credentials.
Responsible
Linux
Reservation
01/13/2026
Disclosure
03/25/2026
Entries
| ID | Vulnerability | CWE | Base | Temp | 0day | Today | Exp | KEV | EPSS | CTI | Cou | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 353097 | Linux Kernel set_new_password missing encryption | 311 | 2.7 | 2.6 | $0-$5k | $0-$5k | Not defined | 0.00024 | 0.95 | Official fix | CVE-2026-23370 |