CVE-2026-22978
BaseFortify
Publication date: 2026-01-23
Last updated on: 2026-02-26
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.11 (inc) to 5.15.198 (exc) |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | From 6.13 (inc) to 6.18.6 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.6.121 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.66 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.1.161 (exc) |
| linux | linux_kernel | From 2.6.27 (inc) to 5.10.248 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves a kernel information leak in the Linux kernel's wifi component related to the struct iw_point. On 64-bit architectures, struct iw_point contains a 32-bit hole that can unintentionally disclose kernel data to user space if not properly zeroed out. The issue arises because the structure's memory is not fully cleared, allowing sensitive kernel information to leak.
How can this vulnerability impact me?
The vulnerability can lead to unintended disclosure of kernel memory data to user space, potentially exposing sensitive information. This information leak could be exploited by attackers to gain insights into kernel memory layout or other sensitive data, which might aid in further attacks or privilege escalation.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch, or update to a Linux kernel version that includes the fix for this vulnerability. The fix zeroes struct iw_point so that the hole no longer leaks kernel data to user space.
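The hole described above and the effect of zeroing it, as an added example (not code from the kernel patch or from this page): a user-space model of struct iw_point laid out as a pointer followed by two 16-bit fields. The names iw_point_model, STALE, hole_size and stale_bytes_copied are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* User-space model of struct iw_point: pointer, 16-bit length, 16-bit flags. */
struct iw_point_model {
    void    *pointer;
    uint16_t length;
    uint16_t flags;
};

#define STALE 0xAA /* constructed marker standing in for leftover stack bytes */

/* Trailing bytes of the object that no member assignment ever writes. */
size_t hole_size(void)
{
    return sizeof(struct iw_point_model)
         - (offsetof(struct iw_point_model, flags) + sizeof(uint16_t));
}

/* Build the object over stale memory, optionally zeroing it first, and
 * count the stale bytes left in the image that would be copied out. */
size_t stale_bytes_copied(int zero_first)
{
    unsigned char image[sizeof(struct iw_point_model)];
    void *ptr = NULL;
    uint16_t length = 32, flags = 1;
    size_t i, stale = 0;

    memset(image, STALE, sizeof(image));      /* uninitialised stack slot */
    if (zero_first)
        memset(image, 0, sizeof(image));      /* the fix: zero the whole object */
    memcpy(image + offsetof(struct iw_point_model, pointer), &ptr, sizeof(ptr));
    memcpy(image + offsetof(struct iw_point_model, length), &length, sizeof(length));
    memcpy(image + offsetof(struct iw_point_model, flags), &flags, sizeof(flags));
    for (i = 0; i < sizeof(image); i++)
        stale += (image[i] == STALE);
    return stale;
}

int main(void)
{
    printf("hole=%zu unzeroed=%zu zeroed=%zu\n",
           hole_size(), stale_bytes_copied(0), stale_bytes_copied(1));
    return 0;
}
```

On a 64-bit build the hole is 4 bytes and all 4 survive when only the members are written; on a 32-bit build the structure has no hole.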