Summaryinfo

A vulnerability has been found in Linux Kernel up to 7.0-rc2 and classified as problematic. This affects the function set_new_password. Performing a manipulation results in missing encryption. This vulnerability is reported as CVE-2026-23370. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

Detailsinfo

A vulnerability classified as problematic has been found in Linux Kernel up to 7.0-rc2. This affects the function set_new_password. The manipulation with an unknown input leads to a missing encryption vulnerability. CWE is classifying the issue as CWE-311. The product does not encrypt sensitive or critical information before storage or transmission. This is going to have an impact on confidentiality. The summary by CVE is:

In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data set_new_password() hex dumps the entire buffer, which contains plaintext password data, including current and new passwords. Remove the hex dump to avoid leaking credentials.

The advisory is shared at git.kernel.org. This vulnerability is uniquely identified as CVE-2026-23370 since 01/13/2026. The exploitability is told to be easy. It is possible to initiate the attack remotely. Additional levels of successful authentication are required for exploitation. Technical details are known, but no exploit is available. MITRE ATT&CK project uses the attack technique T1600 for this issue.

Upgrading to version 6.1.167, 6.6.130, 6.12.77, 6.18.17, 6.19.7 or 7.0-rc3 eliminates this vulnerability. Applying the patch d9e785bd62d2ac23cf29a75dcfea8c8087fd3870/411ba3cd837f7825c0e648e155bc505641f95854/0e6115c2f2facaed9593c16ad2e5accd487f5c52/5de34126fb2edf8ab7f25d677b132e92d8bf9ede/d78e74adc5cfff7afd9d03b9da8058a7e435f9bc/d1a196e0a6dcddd03748468a0e9e3100790fc85c is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

Version

• 6.1.166
• 6.6.129
• 6.12.0
• 6.12.1
• 6.12.2
• 6.12.3
• 6.12.4
• 6.12.5
• 6.12.6
• 6.12.7
• 6.12.8
• 6.12.9
• 6.12.10
• 6.12.11
• 6.12.12
• 6.12.13
• 6.12.14
• 6.12.15
• 6.12.16
• 6.12.17
• 6.12.18
• 6.12.19
• 6.12.20
• 6.12.21
• 6.12.22
• 6.12.23
• 6.12.24
• 6.12.25
• 6.12.26
• 6.12.27
• 6.12.28
• 6.12.29
• 6.12.30
• 6.12.31
• 6.12.32
• 6.12.33
• 6.12.34
• 6.12.35
• 6.12.36
• 6.12.37
• 6.12.38
• 6.12.39
• 6.12.40
• 6.12.41
• 6.12.42
• 6.12.43
• 6.12.44
• 6.12.45
• 6.12.46
• 6.12.47
• 6.12.48
• 6.12.49
• 6.12.50
• 6.12.51
• 6.12.52
• 6.12.53
• 6.12.54
• 6.12.55
• 6.12.56
• 6.12.57
• 6.12.58
• 6.12.59
• 6.12.60
• 6.12.61
• 6.12.62
• 6.12.63
• 6.12.64
• 6.12.65
• 6.12.66
• 6.12.67
• 6.12.68
• 6.12.69
• 6.12.70
• 6.12.71
• 6.12.72
• 6.12.73
• 6.12.74
• 6.12.75
• 6.12.76
• 6.18.0
• 6.18.1
• 6.18.2
• 6.18.3
• 6.18.4
• 6.18.5
• 6.18.6
• 6.18.7
• 6.18.8
• 6.18.9
• 6.18.10
• 6.18.11
• 6.18.12
• 6.18.13
• 6.18.14
• 6.18.15
• 6.18.16
• 6.19.0
• 6.19.1
• 6.19.2
• 6.19.3
• 6.19.4
• 6.19.5
• 6.19.6
• 7.0-rc1
• 7.0-rc2

License

• open-source

Website

• Vendor: https://www.kernel.org/

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion