CVE-2026-23384

Published: Mar 25, 2026

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: RDMA/ionic: Fix kernel stack leak in ionic_create_cq() struct ionic_cq_resp resp { __u32 cqid[2]; // offset 0 - PARTIALLY SET (see below) __u8 udma_mask; // offset 8 - SET (resp.udma_mask = vcq->udma_mask) __u8 rsvd[7]; // offset 9 - NEVER SET <- LEAK }; rsvd[7]: 7 bytes of stack memory leaked unconditionally. cqid[2]: The loop at line 1256 iterates over udma_idx but skips indices where !(vcq->udma_mask & BIT(udma_idx)). The array has 2 entries but udma_count could be 1, meaning cqid[1] might never be written via ionic_create_cq_common(). If udma_mask only has bit 0 set, cqid[1] (4 bytes) is also leaked. So potentially 11 bytes leaked.

Vendor	Product	Versions
Linux	Linux	affected `e8521822c733c6deab0f339843cd37cd62c12795 - < a6f3e0fa8e862f220c26c2f27e5ddc42eb82ad3e` affected `e8521822c733c6deab0f339843cd37cd62c12795 - < 547d0b07ad73915b323bc21f85c5d3252bebbbcf` affected `e8521822c733c6deab0f339843cd37cd62c12795 - < faa72102b178c7ae6c6afea23879e7c84fc59b4e`
Linux	Linux	affected `6.18` unaffected `0 - < 6.18` unaffected `6.18.17 - <= 6.18.` unaffected `6.19.7 - <= 6.19.` unaffected `7.0 - <= *`

References

https://git.kernel.org/stable/c/a6f3e0fa8e862f220c26c2f27e5ddc42eb82ad3e

https://git.kernel.org/stable/c/547d0b07ad73915b323bc21f85c5d3252bebbbcf

https://git.kernel.org/stable/c/faa72102b178c7ae6c6afea23879e7c84fc59b4e

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-23384

Description

Affected Products

References