{"id":"CVE-2026-23335","summary":"RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()\n\nstruct irdma_create_ah_resp {  // 8 bytes, no padding\n    __u32 ah_id;               // offset 0 - SET (uresp.ah_id = ah-\u003esc_ah.ah_info.ah_idx)\n    __u8  rsvd[4];             // offset 4 - NEVER SET \u003c- LEAK\n};\n\nrsvd[4]: 4 bytes of stack memory leaked unconditionally. Only ah_id is assigned before ib_respond_udata().\n\nThe reserved members of the structure were not zeroed.","modified":"2026-04-14T03:48:22.748339Z","published":"2026-03-25T10:27:25.418Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23335.json"},"references":[{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"},{"type":"WEB","url":"https://git.kernel.org/stable/c/14b47c07c69930254f549a17ee245c80a65b1609"},{"type":"WEB","url":"https://git.kernel.org/stable/c/1b1fac4c7a3ab7f52e9cfb91e5c91216646ca4d8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2fd37450d271d74b3847baed284f9cfdf198c6f8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/74586c6da9ea222a61c98394f2fc0a604748438c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c9bd0007c4bdb7806bbd323287e50f9cf467c51a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cfe962216c164fe2b1c1fb6ac925a7413f5abc84"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23335.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23335"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"b48c24c2d710cf34810c555dcef883a3d35a9c08"},{"fixed":"14b47c07c69930254f549a17ee245c80a65b1609"},{"fixed":"1b1fac4c7a3ab7f52e9cfb91e5c91216646ca4d8"},{"fixed":"2fd37450d271d74b3847baed284f9cfdf198c6f8"},{"fixed":"cfe962216c164fe2b1c1fb6ac925a7413f5abc84"},{"fixed":"c9bd0007c4bdb7806bbd323287e50f9cf467c51a"},{"fixed":"74586c6da9ea222a61c98394f2fc0a604748438c"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23335.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.14.0"},{"fixed":"6.1.167"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.130"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.77"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.17"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"6.19.7"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23335.json"}}],"schema_version":"1.7.5"}