Bug 2451242 (CVE-2026-23335) - CVE-2026-23335 kernel: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()
Summary: CVE-2026-23335 kernel: RDMA/irdma: Fix kernel stack leak in irdma_create_user...
Keywords:
Status: NEW
Alias: CVE-2026-23335
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-03-25 11:06 UTC by OSIDB Bzimport
Modified: 2026-03-25 23:18 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2026-03-25 11:06:37 UTC 
In the Linux kernel, the following vulnerability has been resolved:

RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()

struct irdma_create_ah_resp {  // 8 bytes, no padding
    __u32 ah_id;               // offset 0 - SET (uresp.ah_id = ah->sc_ah.ah_info.ah_idx)
    __u8  rsvd[4];             // offset 4 - NEVER SET <- LEAK
};

rsvd[4]: 4 bytes of stack memory leaked unconditionally. Only ah_id is assigned before ib_respond_udata().

The reserved members of the structure were not zeroed.
Comment 1 Alexander B 2026-03-25 13:50:16 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026032533-CVE-2026-23335-602d@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.