CVE-2026-22978
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-23

Last updated on: 2026-02-26

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: wifi: avoid kernel-infoleak from struct iw_point struct iw_point has a 32bit hole on 64bit arches. struct iw_point { void __user *pointer; /* Pointer to the data (in user space) */ __u16 length; /* number of fields or size in bytes */ __u16 flags; /* Optional params */ }; Make sure to zero the structure to avoid disclosing 32bits of kernel data to user space.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-23
Last Modified
2026-02-26
Generated
2026-06-16
AI Q&A
2026-01-23
EPSS Evaluated
2026-06-15
NVD
CVE-2026-22978
EUVD
EUVD-2026-4312
Affected Vendors & Products
Showing 10 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.11 (inc) to 5.15.198 (exc)
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel From 6.13 (inc) to 6.18.6 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.121 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.66 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.161 (exc)
linux linux_kernel From 2.6.27 (inc) to 5.10.248 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves a kernel information leak in the Linux kernel's wifi component related to the struct iw_point. On 64-bit architectures, struct iw_point contains a 32-bit hole that can unintentionally disclose kernel data to user space if not properly zeroed out. The issue arises because the structure's memory is not fully cleared, allowing sensitive kernel information to leak.

Impact Analysis

The vulnerability can lead to unintended disclosure of kernel memory data to user space, potentially exposing sensitive information. This information leak could be exploited by attackers to gain insights into kernel memory layout or other sensitive data, which might aid in further attacks or privilege escalation.

Mitigation Strategies

Apply the patch or update to the Linux kernel version that includes the fix for this vulnerability, which ensures that the struct iw_point is zeroed to avoid leaking kernel data to user space.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22978. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart