CVE-2026-23370 — Plaintext Storage of a Password in Linux

CWE-256 — Plaintext Storage of a Password8 documents7 sources

Severity

4.4MEDIUM

No vector

EPSS

0.0%

top 90.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +1 more

Timeline

PublishedMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data set_new_password() hex dumps the entire buffer, which contains plaintext password data, including current and new passwords. Remove the hex dump to avoid leaking credentials.

Affected Packages5 packages

▶Linuxlinux/linux_kernel5.11.0 — 6.1.167+4

▶Debianlinux/linux_kernel< 6.19.8-1

▶msrcmsrc/azl3_kernel_6.6.126.1-1_on_azure_linux_3.0

▶CVEListV5linux/linuxe8a60aa7404bfef37705da5607c97737073ac38d — d9e785bd62d2ac23cf29a75dcfea8c8087fd3870+6

▶debiandebian/linux< linux 6.19.8-1 (forky)

🔴Vulnerability Details

OSV

platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data↗2026-03-25

▶

OSV

CVE-2026-23370: In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data set_new_pass↗2026-03-25

▶

GHSA

GHSA-qvvw-8673-33g5: In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data set_new_pa↗2026-03-25

▶

📋Vendor Advisories

Red Hat

kernel: platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data↗2026-03-25

▶

Microsoft

platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data↗2026-03-10

▶

Debian

CVE-2026-23370: linux - In the Linux kernel, the following vulnerability has been resolved: platform/x8...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-23370 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶