CVE-2026-23370

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw in the platform/x86/dell-wmi-sysman component. The set new password() function improperly hex dumps a buffer containing plaintext password data, including both current and new passwords, potentially leading to credential leakage. The function dumps the entire buffer, exposing sensitive information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2026-23370

ECHO-A527-41A1-1A46

OPENSUSE-SU-2026:20826-1

SUSE-SU-2026:21841-1

SUSE-SU-2026:21845-1

SUSE-SU-2026:21860-1

SUSE-SU-2026:21876-1

SUSE-SU-2026:21877-1

SUSE-SU-2026:21916-1

SUSE-SU-2026:21919-1

SUSE-SU-2026:2217-1

Affected Products

Dell Wmi

Linux Kernel

CVE-2026-23370

Related Identifiers

Affected Products

References · 24