CVE-2026-22978

LOW

Linux Kernel - Kernel Data Leak via Uninitialized iw_point Structure

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: avoid kernel-infoleak from struct iw_point struct iw_point has a 32bit hole on 64bit arches. struct iw_point { void __user *pointer; /* Pointer to the data (in user space) */ __u16 length; /* number of fields or size in bytes */ __u16 flags; /* Optional params */ }; Make sure to zero the structure to avoid disclosing 32bits of kernel data to user space.

References (7)

Core 7

Core References

Patch

https://git.kernel.org/stable/c/d943b5f592767b107ba8c12a902f17431350378c

Patch

https://git.kernel.org/stable/c/a3827e310b5a73535646ef4a552d53b3c8bf74f6

Patch

https://git.kernel.org/stable/c/442ceac0393185e9982323f6682a52a53e8462b1

Patch

https://git.kernel.org/stable/c/d21ec867d84c9f3a9845d7d8c90c9ce35dbe48f8

Patch

https://git.kernel.org/stable/c/024f71a57d563fbe162e528c8bf2d27e9cac7c7b

Patch

https://git.kernel.org/stable/c/e3c35177103ead4658b8a62f41e3080d45885464

Patch

https://git.kernel.org/stable/c/21cbf883d073abbfe09e3924466aa5e0449e7261

Scores

CVSS v3 3.3

EPSS 0.0002

EPSS Percentile 6.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

Status published

Products (24)

linux/Kernel 2.6.27 - 5.10.248linux

linux/Kernel 5.11.0 - 5.15.198linux

linux/Kernel 5.16.0 - 6.1.161linux

linux/Kernel 6.13.0 - 6.18.6linux

linux/Kernel 6.2.0 - 6.6.121linux

linux/Kernel 6.7.0 - 6.12.66linux

Linux/Linux < 2.6.27

Linux/Linux 2.6.27

Linux/Linux 5.10.248 - 5.10.*

Linux/Linux 5.15.198 - 5.15.*

... and 14 more

Published Jan 23, 2026

Tracked Since Feb 18, 2026