Volerion logoVolerion
Volerion logoVolerion

Linux Kernel Struct iw_point Information Leak Vulnerability

Vulnerability

A vulnerability in the Linux kernel's handling of the struct iw_point has been addressed. This struct contains a 32-bit gap on 64-bit architectures, which can lead to unintended disclosure of kernel data to user space. The issue arises when the struct is used in wireless extensions, particularly with compatibility ioctls. To mitigate this information leak, the kernel now ensures that the struct is properly zeroed before use, preventing the unintentional exposure of sensitive data.

Impact

Exploitation of this vulnerability could result in a kernel information leak, disclosing 32 bits of kernel data to user space.

Reproduction

The vulnerability can be reproduced by using wireless extensions that dispatch compatibility ioctls. The struct iw_point will leak uninitialized data, which can be exploited to read kernel memory.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed.

Added: Jan 23, 2026, 4:39 PM
Updated: Jan 23, 2026, 4:39 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
0.6
exploitability
3.9
remediation
7.7
relevance
2.3
threat
4.8
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.