{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-22978","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-01-13T15:37:45.936Z","datePublished":"2026-01-23T15:24:00.482Z","dateUpdated":"2026-05-11T21:57:37.849Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:57:37.849Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: avoid kernel-infoleak from struct iw_point\n\nstruct iw_point has a 32bit hole on 64bit arches.\n\nstruct iw_point {\n  void __user   *pointer;       /* Pointer to the data  (in user space) */\n  __u16         length;         /* number of fields or size in bytes */\n  __u16         flags;          /* Optional params */\n};\n\nMake sure to zero the structure to avoid disclosing 32bits of kernel data\nto user space."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/wireless/wext-core.c","net/wireless/wext-priv.c"],"versions":[{"version":"87de87d5e47f94b4ea647a5bd1bc8dc1f7930db4","lessThan":"d943b5f592767b107ba8c12a902f17431350378c","status":"affected","versionType":"git"},{"version":"87de87d5e47f94b4ea647a5bd1bc8dc1f7930db4","lessThan":"a3827e310b5a73535646ef4a552d53b3c8bf74f6","status":"affected","versionType":"git"},{"version":"87de87d5e47f94b4ea647a5bd1bc8dc1f7930db4","lessThan":"442ceac0393185e9982323f6682a52a53e8462b1","status":"affected","versionType":"git"},{"version":"87de87d5e47f94b4ea647a5bd1bc8dc1f7930db4","lessThan":"d21ec867d84c9f3a9845d7d8c90c9ce35dbe48f8","status":"affected","versionType":"git"},{"version":"87de87d5e47f94b4ea647a5bd1bc8dc1f7930db4","lessThan":"024f71a57d563fbe162e528c8bf2d27e9cac7c7b","status":"affected","versionType":"git"},{"version":"87de87d5e47f94b4ea647a5bd1bc8dc1f7930db4","lessThan":"e3c35177103ead4658b8a62f41e3080d45885464","status":"affected","versionType":"git"},{"version":"87de87d5e47f94b4ea647a5bd1bc8dc1f7930db4","lessThan":"21cbf883d073abbfe09e3924466aa5e0449e7261","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/wireless/wext-core.c","net/wireless/wext-priv.c"],"versions":[{"version":"2.6.27","status":"affected"},{"version":"0","lessThan":"2.6.27","status":"unaffected","versionType":"semver"},{"version":"5.10.248","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.198","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.161","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.121","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.66","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.6","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.27","versionEndExcluding":"5.10.248"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.27","versionEndExcluding":"5.15.198"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.27","versionEndExcluding":"6.1.161"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.27","versionEndExcluding":"6.6.121"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.27","versionEndExcluding":"6.12.66"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.27","versionEndExcluding":"6.18.6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.27","versionEndExcluding":"6.19"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/d943b5f592767b107ba8c12a902f17431350378c"},{"url":"https://git.kernel.org/stable/c/a3827e310b5a73535646ef4a552d53b3c8bf74f6"},{"url":"https://git.kernel.org/stable/c/442ceac0393185e9982323f6682a52a53e8462b1"},{"url":"https://git.kernel.org/stable/c/d21ec867d84c9f3a9845d7d8c90c9ce35dbe48f8"},{"url":"https://git.kernel.org/stable/c/024f71a57d563fbe162e528c8bf2d27e9cac7c7b"},{"url":"https://git.kernel.org/stable/c/e3c35177103ead4658b8a62f41e3080d45885464"},{"url":"https://git.kernel.org/stable/c/21cbf883d073abbfe09e3924466aa5e0449e7261"}],"title":"wifi: avoid kernel-infoleak from struct iw_point","x_generator":{"engine":"bippy-1.2.0"}}}}