46 matches found
EUVD-2026-38890
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: bound enumeration string aggregation populateenumdata aggregates firmware-provided value-modifier and possible-value strings into fixed 512-byte struct members. The current code bounds each individu...
CVE-2026-53022
The CVE-2026-53022 issue affects the Linux kernel (platform/x86: dell-wmi-sysman). The vulnerability arises in populate_enum_data(), where firmware-provided value-modifier and possible-value strings are appended with raw strcat() into fixed 512-byte members, after per-source bounds checks, enabli...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Platform/x86: dell-wmi-sysman: Avoid buffer overflow in currentpasswordstore If the ‘buf’ array received from the user contains an empty string, the ‘length’ variable will be zero. Accessing the ‘buf’ array element with index...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: Platform/x86: dell-smbios-wmi: Fixed an oop in rmmod dellsmbios. The initdellsmbioswmi function only registers the dellsmbioswmidriver on systems where the Dell WMI interface is supported. While the exitdellsmbioswmi function...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Platform/x86: dell-wmi-sysman: Do not perform hex dumping of plaintext password data. setnewpassword performs hex dumping of the entire buffer, which contains plaintext password data, including current and new passwords. Remove...
platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data
...
SUSE CVE-2026-23370
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data setnewpassword hex dumps the entire buffer, which contains plaintext password data, including current and new passwords. Remove the hex dump to avoid leaking...
CVE-2026-23370
A flaw was found in the dell-wmi-sysman component of the Linux kernel. This vulnerability occurs because the setnewpassword function incorrectly hex dumps the entire buffer, which includes sensitive plaintext password data. A local attacker could exploit this to disclose user credentials, leading...
EUVD-2026-15355
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data setnewpassword hex dumps the entire buffer, which contains plaintext password data, including current and new passwords. Remove the hex dump to avoid leaking...
CVE-2026-23370
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data setnewpassword hex dumps the entire buffer, which contains plaintext password data, including current and new passwords. Remove the hex dump to avoid leaking...
CVE-2026-23370
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data setnewpassword hex dumps the entire buffer, which contains plaintext password data, including current and new passwords. Remove the hex dump to avoid leaking...
UBUNTU-CVE-2026-23370
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data setnewpassword hex dumps the entire buffer, which contains plaintext password data, including current and new passwords. Remove the hex dump to avoid leaking...
CVE-2026-23370
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data setnewpassword hex dumps the entire buffer, which contains plaintext password data, including current and new passwords. Remove the hex dump to avoid leaking...
CVE-2026-23370
CVE-2026-23370 concerns a Linux kernel vulnerability in platform/x86: dell-wmi-sysman where set_new_password() hex dumps the buffer containing plaintext passwords (including current/new passwords). The issue could leak credentials locally and is mitigated by removing the hex dump; upstream kernel...
CVE-2026-23370 platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data setnewpassword hex dumps the entire buffer, which contains plaintext password data, including current and new passwords. Remove the hex dump to avoid leaking...
CVE-2026-23370
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data setnewpassword hex dumps the entire buffer, which contains plaintext password data, including current and new passwords. Remove the hex dump to avoid leaking...
CVE-2026-23370 platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data setnewpassword hex dumps the entire buffer, which contains plaintext password data, including current and new passwords. Remove the hex dump to avoid leaking...
Linux Distros Unpatched Vulnerability : CVE-2026-23370
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data setnewpassword hex dumps the entire buffer, which contains plaintext password data,...
ROS-20260313-73-0016
A vulnerability in the dell-wmi-sysman component of the Linux kernel is related to null pointer dereferencing. Exploitation of the vulnerability may allow an attacker to affect confidentiality, integrity and availability of protected information...
ROS-20260205-73-0033
A vulnerability in the currentpasswordstore function of the dell-wmi-sysman driver of the Linux kernel is related to buffer copying without input validation. Exploitation of the vulnerability could allow an attacker to cause a denial of service...