CVE-2026-23335Use of Uninitialized Resource in Linux

CWE-908Use of Uninitialized Resource8 documents7 sources
Severity
7.1HIGH
No vector
EPSS
0.0%
top 90.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() struct irdma_create_ah_resp { // 8 bytes, no padding __u32 ah_id; // offset 0 - SET (uresp.ah_id = ah->sc_ah.ah_info.ah_idx) __u8 rsvd[4]; // offset 4 - NEVER SET <- LEAK }; rsvd[4]: 4 bytes of stack memory leaked unconditionally. Only ah_id is assigned before ib_respond_udata(). The reserved members of the structure were not zeroed.

Affected Packages5 packages

Linuxlinux/linux_kernel5.14.06.1.167+4
Debianlinux/linux_kernel< 6.19.8-1
CVEListV5linux/linuxb48c24c2d710cf34810c555dcef883a3d35a9c0814b47c07c69930254f549a17ee245c80a65b1609+6
debiandebian/linux< linux 6.19.8-1 (forky)

🔴Vulnerability Details

3
OSV
CVE-2026-23335: In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() struct irdma_create_ah2026-03-25
OSV
RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()2026-03-25
GHSA
GHSA-j6q7-jcx4-9hr4: In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() struct irdma_create_2026-03-25

📋Vendor Advisories

3
Red Hat
kernel: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()2026-03-25
Microsoft
RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()2026-03-10
Debian
CVE-2026-23335: linux - In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma:...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23335 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23335 — Use of Uninitialized Resource in Linux | cvebase