VDB
DEBIAN-CVE-2026-22978
DEBIAN-CVE-2026-22978
PUBLISHED
CVSS 3.299999952316284 LOW
In the Linux kernel, the following vulnerability has been resolved: wifi: avoid kernel-infoleak from struct iw_point struct iw_point has a 32bit hole on 64bit arches. struct iw_point { void __user *pointer; /* Pointer to the data (in user space) */ __u16 length; /* number of fields or size in bytes */ __u16 flags; /* Optional params */ }; Make sure to zero the structure to avoid disclosing 32bits of kernel data to user space.
Risk Scores
CVSS 3.1
3.299999952316284
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | linux | 0, 6.1.106-1, 6.1.106-2 |
| Debian:11 | linux-6.1 | 6.1.159-1, 6.1.158-1, 6.1.153-1 |
| Debian:14 | linux | 6.16.6-1, 6.16.7-1, 6.16.8-1 |
| Debian:11 | linux | 5.10.127-2, 5.10.136-1, 5.10.140-1 |
| Debian:13 | linux | *, 6.12.69-1, 6.12.63-1 |
Exploit Intelligence
- 4081.3.7.yml (github-poc)
Timeline
- Jan 23, 2026 CVE Published
- Apr 28, 2026 CVE Updated