CVE-2026-23384Use of Uninitialized Resource in Linux

CWE-908Use of Uninitialized Resource7 documents6 sources
Severity
5.3MEDIUM
No vector
EPSS
0.0%
top 94.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: RDMA/ionic: Fix kernel stack leak in ionic_create_cq() struct ionic_cq_resp resp { __u32 cqid[2]; // offset 0 - PARTIALLY SET (see below) __u8 udma_mask; // offset 8 - SET (resp.udma_mask = vcq->udma_mask) __u8 rsvd[7]; // offset 9 - NEVER SET udma_mask & BIT(udma_idx)). The array has 2 entries but udma_count could be 1, meaning cqid[1] might never be written via ionic_create_cq_common(). If udma_mask only has bit 0 set, cqid[

Affected Packages4 packages

Linuxlinux/linux_kernel6.18.06.18.17+1
Debianlinux/linux_kernel< 6.19.8-1
CVEListV5linux/linuxe8521822c733c6deab0f339843cd37cd62c12795a6f3e0fa8e862f220c26c2f27e5ddc42eb82ad3e+3
debiandebian/linux< linux 6.19.8-1 (forky)

🔴Vulnerability Details

3
OSV
CVE-2026-23384: In the Linux kernel, the following vulnerability has been resolved: RDMA/ionic: Fix kernel stack leak in ionic_create_cq() struct ionic_cq_resp resp {2026-03-25
OSV
RDMA/ionic: Fix kernel stack leak in ionic_create_cq()2026-03-25
GHSA
GHSA-6pc7-mm64-g3v9: In the Linux kernel, the following vulnerability has been resolved: RDMA/ionic: Fix kernel stack leak in ionic_create_cq() struct ionic_cq_resp resp2026-03-25

📋Vendor Advisories

2
Red Hat
kernel: RDMA/ionic: Fix kernel stack leak in ionic_create_cq()2026-03-25
Debian
CVE-2026-23384: linux - In the Linux kernel, the following vulnerability has been resolved: RDMA/ionic:...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23384 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23384 — Use of Uninitialized Resource in Linux | cvebase