Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: avoid kernel-infoleak from struct iw_point

struct iw_point has a 32bit hole on 64bit arches.

struct iw_point {
	void __user *pointer;	/* Pointer to the data (in user space) */
	__u16 length;		/* number of fields or size in bytes */
	__u16 flags;		/* Optional params */
};

Make sure to zero the structure to avoid disclosing 32bits of kernel data
to user space.
Published: 2026-01-23
Score: 3.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: Kernel Information Disclosure
Action: Patch Kernel
AI Analysis

Impact

The vulnerability arises when the Linux kernel does not clear the struct iw_point on 64‑bit architectures, allowing a user‑space process to read 32 bits of kernel data via wifi ioctl calls. The primary impact is the disclosure of kernel memory contents, which could aid an attacker in building an exploit. The attack vector is inferred from the description: a crafted struct iw_point sent through a wifi ioctl can trigger the leak without requiring elevated privileges.
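The 32-bit hole named in the Description can be measured directly. The following is an added user-space illustration, not kernel code and not the upstream patch: struct iw_point_demo, hole_bytes() and stale_padding_bytes() are hypothetical names, and the 0xAA fill is a constructed stand-in for stale kernel memory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* User-space mirror of struct iw_point (__user and __u16 are kernel-only). */
struct iw_point_demo {
    void    *pointer;
    uint16_t length;
    uint16_t flags;
};

/* Trailing padding after 'flags': 4 bytes on LP64, 0 with 32-bit pointers. */
static size_t hole_bytes(void)
{
    return sizeof(struct iw_point_demo) -
           (offsetof(struct iw_point_demo, flags) + sizeof(uint16_t));
}

/*
 * Pre-fill the storage with the constructed stale pattern, set every member,
 * then count padding bytes that still carry the pattern.
 * zero_first == 0: member-by-member initialisation only (the leaking pattern).
 * zero_first == 1: zero the whole struct before filling it (the fix).
 */
static size_t stale_padding_bytes(int zero_first)
{
    union {
        struct iw_point_demo p;
        unsigned char raw[sizeof(struct iw_point_demo)];
    } u;
    size_t i, stale = 0;

    memset(u.raw, 0xAA, sizeof(u.raw));
    if (zero_first)
        memset(&u.p, 0, sizeof(u.p));
    u.p.pointer = NULL;
    u.p.length = 32;
    u.p.flags = 1;

    for (i = sizeof(u.raw) - hole_bytes(); i < sizeof(u.raw); i++)
        stale += (u.raw[i] == 0xAA);
    return stale;
}

int main(void)
{
    printf("sizeof=%zu hole=%zu\n", sizeof(struct iw_point_demo), hole_bytes());
    printf("stale padding, members only: %zu\n", stale_padding_bytes(0));
    printf("stale padding, zeroed first: %zu\n", stale_padding_bytes(1));
    return 0;
}
```

Setting every named member is not enough: the padding is only cleared when the whole object is zeroed before it is copied out.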

Affected Systems

All Linux kernel builds that contain the unpatched struct iw_point implementation are affected. The CPE list includes every Linux kernel and specifically the 6.19 release candidates 6.19rc1 through rc4. Stable kernels derived from the same source tree before the patch were also affected; therefore, any current 64‑bit kernel version lacking the zeroing fix is potentially vulnerable.

Risk and Exploitability

The CVSS score of 3.3 classifies this as low severity. The EPSS score indicates an exploitation likelihood of less than 1%, and the vulnerability is not listed in the CISA KEV catalog. An attacker can trigger the leak from any user‑space process able to issue wifi ioctl commands; no privilege escalation is required, but the disclosed information could be useful for subsequent attacks.

Generated by OpenCVE AI on April 18, 2026 at 15:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a release that includes the patch that zeroes struct iw_point, such as the latest stable kernel or the backported commit available on kernel.org.
  • Rebuild all wifi drivers and user‑space utilities against the updated kernel headers to guarantee the struct is zeroed before being populated.
  • If a kernel upgrade is delayed, limit the use of wifi ioctl interfaces to trusted applications only and monitor for unexpected ioctl activity, which may indicate abuse of the information disclosure.



Advisories
Source      ID          Title
Debian DLA  DLA-4475-1  linux security update
Debian DLA  DLA-4476-1  linux-6.1 security update
Debian DSA  DSA-6126-1  linux security update
Debian DSA  DSA-6127-1  linux security update
Ubuntu USN  USN-8096-1  Linux kernel vulnerabilities
Ubuntu USN  USN-8096-2  Linux kernel (FIPS) vulnerabilities
Ubuntu USN  USN-8096-3  Linux kernel vulnerabilities
Ubuntu USN  USN-8096-4  Linux kernel (Real-time) vulnerabilities
Ubuntu USN  USN-8096-5  Linux kernel (NVIDIA Tegra IGX) vulnerabilities
Ubuntu USN  USN-8116-1  Linux kernel (Intel IoTG Real-time) vulnerabilities
Ubuntu USN  USN-8141-1  Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN  USN-8163-1  Linux kernel (Azure FIPS) vulnerabilities
Ubuntu USN  USN-8163-2  Linux kernel (Azure) vulnerabilities

History

Thu, 26 Feb 2026 20:30:00 +0000

Weaknesses
  Values Added: NVD-CWE-noinfo
CPEs
  Values Added:
    cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
Metrics
  Values Removed: cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}
  Values Added: cvssV3_1 {'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


Sat, 24 Jan 2026 00:15:00 +0000

References
Metrics
  Values Removed: threat_severity None
  Values Added:
    cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}
    threat_severity Low


Fri, 23 Jan 2026 15:30:00 +0000

Description
  Values Added: In the Linux kernel, the following vulnerability has been resolved: wifi: avoid kernel-infoleak from struct iw_point struct iw_point has a 32bit hole on 64bit arches. struct iw_point { void __user *pointer; /* Pointer to the data (in user space) */ __u16 length; /* number of fields or size in bytes */ __u16 flags; /* Optional params */ }; Make sure to zero the structure to avoid disclosing 32bits of kernel data to user space.
Title
  Values Added: wifi: avoid kernel-infoleak from struct iw_point
First Time appeared
  Values Added: Linux; Linux linux Kernel
CPEs
  Values Added: cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products
  Values Added: Linux; Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-02-09T08:36:28.236Z

Reserved: 2026-01-13T15:37:45.936Z

Link: CVE-2026-22978

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-01-23T16:15:53.783

Modified: 2026-02-26T20:17:16.280

Link: CVE-2026-22978

Redhat

Severity: Low

Public Date: 2026-01-23T00:00:00Z

Links: CVE-2026-22978 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-18T15:15:03Z

Weaknesses