CVE Vulnerability Details: CVE-2026-23384
Status: PUBLISHED
Assigner: Linux
Assigner Org ID: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At: 25 Mar, 2026 | 10:28
Updated At: 11 May, 2026 | 22:05

CVE Numbering Authority (CNA)
RDMA/ionic: Fix kernel stack leak in ionic_create_cq()

In the Linux kernel, the following vulnerability has been resolved:

RDMA/ionic: Fix kernel stack leak in ionic_create_cq()

    struct ionic_cq_resp resp {
        __u32 cqid[2];    // offset 0 - PARTIALLY SET (see below)
        __u8  udma_mask;  // offset 8 - SET (resp.udma_mask = vcq->udma_mask)
        __u8  rsvd[7];    // offset 9 - NEVER SET <- LEAK
    };

rsvd[7]: 7 bytes of stack memory leaked unconditionally.

cqid[2]: The loop at line 1256 iterates over udma_idx but skips indices where !(vcq->udma_mask & BIT(udma_idx)). The array has 2 entries but udma_count could be 1, meaning cqid[1] might never be written via ionic_create_cq_common(). If udma_mask only has bit 0 set, cqid[1] (4 bytes) is also leaked.

So potentially 11 bytes leaked.
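The byte accounting in the description, modelled in user space as an added example (this is not the ionic driver's code or the upstream patch). The struct layout is taken from the description; the poison byte standing in for stale stack contents, the fill_resp() helper, the constructed CQ ids and the zero-before-fill remedy are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POISON   0xA5 /* constructed stand-in for stale kernel stack bytes */
#define UDMA_MAX 2

/* Response layout as listed in the CVE description. */
struct ionic_cq_resp {
    uint32_t cqid[2];   /* offset 0: written only for enabled udma indices */
    uint8_t  udma_mask; /* offset 8: always written */
    uint8_t  rsvd[7];   /* offset 9: never written */
};

/* Hypothetical model of the create path: indices whose mask bit is clear
 * are skipped, so their cqid slot keeps whatever was in memory before. */
static void fill_resp(struct ionic_cq_resp *resp, uint8_t udma_mask)
{
    for (int udma_idx = 0; udma_idx < UDMA_MAX; udma_idx++) {
        if (!(udma_mask & (1u << udma_idx)))
            continue;
        resp->cqid[udma_idx] = 0x100u + (uint32_t)udma_idx; /* constructed id */
    }
    resp->udma_mask = udma_mask;
}

/* Count stale bytes that would leave the kernel if the whole struct were
 * copied to user space. zero_first models clearing the struct before use. */
static size_t leaked_bytes(uint8_t udma_mask, int zero_first)
{
    struct ionic_cq_resp resp;
    const unsigned char *p = (const unsigned char *)&resp;
    size_t n = 0;

    memset(&resp, zero_first ? 0 : POISON, sizeof(resp));
    fill_resp(&resp, udma_mask);
    for (size_t i = 0; i < sizeof(resp); i++)
        n += (p[i] == POISON);
    return n;
}

int main(void)
{
    printf("mask=0x1, no zeroing: %zu stale bytes\n", leaked_bytes(0x1, 0));
    printf("mask=0x3, no zeroing: %zu stale bytes\n", leaked_bytes(0x3, 0));
    printf("mask=0x1, zeroed:     %zu stale bytes\n", leaked_bytes(0x1, 1));
    return 0;
}
```

When auditing similar response structs, check every reserved field and every conditionally written array slot, not only compiler-inserted padding.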

Affected Products

Vendor: Linux Kernel Organization, Inc (Linux)
Product: Linux
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files:
  • drivers/infiniband/hw/ionic/ionic_controlpath.c
Default Status: unaffected
Versions
Affected:
  • From e8521822c733c6deab0f339843cd37cd62c12795 before a6f3e0fa8e862f220c26c2f27e5ddc42eb82ad3e (git)
  • From e8521822c733c6deab0f339843cd37cd62c12795 before 547d0b07ad73915b323bc21f85c5d3252bebbbcf (git)
  • From e8521822c733c6deab0f339843cd37cd62c12795 before faa72102b178c7ae6c6afea23879e7c84fc59b4e (git)

Vendor: Linux Kernel Organization, Inc (Linux)
Product: Linux
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files:
  • drivers/infiniband/hw/ionic/ionic_controlpath.c
Default Status: affected
Versions
Affected:
  • 6.18
Unaffected:
  • From 0 before 6.18 (semver)
  • From 6.18.17 through 6.18.* (semver)
  • From 6.19.7 through 6.19.* (semver)
  • From 7.0 through * (original_commit_for_fix)
References
  • https://git.kernel.org/stable/c/a6f3e0fa8e862f220c26c2f27e5ddc42eb82ad3e
  • https://git.kernel.org/stable/c/547d0b07ad73915b323bc21f85c5d3252bebbbcf
  • https://git.kernel.org/stable/c/faa72102b178c7ae6c6afea23879e7c84fc59b4e