CVE-2026-22978
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
23/01/2026
Last modified:
23/01/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
wifi: avoid kernel-infoleak from struct iw_point<br />
<br />
struct iw_point has a 32bit hole on 64bit arches.<br />
<br />
struct iw_point {<br />
void __user *pointer; /* Pointer to the data (in user space) */<br />
__u16 length; /* number of fields or size in bytes */<br />
__u16 flags; /* Optional params */<br />
};<br />
<br />
Make sure to zero the structure to avoid disclosing 32bits of kernel data<br />
to user space.
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/024f71a57d563fbe162e528c8bf2d27e9cac7c7b
- https://git.kernel.org/stable/c/21cbf883d073abbfe09e3924466aa5e0449e7261
- https://git.kernel.org/stable/c/442ceac0393185e9982323f6682a52a53e8462b1
- https://git.kernel.org/stable/c/a3827e310b5a73535646ef4a552d53b3c8bf74f6
- https://git.kernel.org/stable/c/d21ec867d84c9f3a9845d7d8c90c9ce35dbe48f8
- https://git.kernel.org/stable/c/d943b5f592767b107ba8c12a902f17431350378c
- https://git.kernel.org/stable/c/e3c35177103ead4658b8a62f41e3080d45885464