CVE-2026-23384

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A kernel stack leak exists in the RDMA/ionic component, specifically within the ionic create cq() function. The issue involves a leak of up to 11 bytes of stack memory due to uninitialized fields in the ionic cq resp structure. Specifically, the rsvd[7] field (7 bytes) is never set, leading to a leak, and under certain conditions where the udma mask only has the first bit set, the cqid[1] field (4 bytes) may also be leaked. The vulnerability occurs because the loop in ionic create cq common() skips indices where the udma mask does not have a corresponding bit set, potentially leaving cqid[1] unwritten.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.