SB2026032561 - Exposure of sensitive information to an unauthorized actor in Linux kernel hw ionic driver

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2026032561

SB2026032561 - Exposure of sensitive information to an unauthorized actor in Linux kernel hw ionic driver

Published: March 25, 2026

Security Bulletin ID SB2026032561
Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Information disclosure

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Exposure of sensitive information to an unauthorized actor (CVE-ID: CVE-2026-23384)

The vulnerability allows a local user to disclose sensitive information.

The vulnerability exists due to improper initialization of stack memory in the RDMA/ionic driver when handling control queue creation. A local user can trigger the creation of a control queue via the ionic_create_cq() interface, causing uninitialized stack memory to be returned to userspace, which may disclose up to 11 bytes of kernel stack data.

The disclosed data may include portions of kernel stack memory due to partial initialization of the response structure before being copied to userspace.


Remediation

Install update from vendor's website.

References