Updated: 2026-02-26
Description:
In the Linux kernel, the following vulnerability has been resolved: wifi: avoid kernel-infoleak from struct iw_point struct iw_point has a 32bit hole on 64bit arches. struct iw_point { void __user *pointer; /* Pointer to the data (in user space) */ __u16 length; /* number of fields or size in bytes */ __u16 flags; /* Optional params */ }; Make sure to zero the structure to avoid disclosing 32bits of kernel data to user space. A flaw was found in the Linux kernel's Wi-Fi subsystem. This information disclosure vulnerability arises from a 32-bit padding hole in the `struct iw_point` on 64-bit architectures. A local user could exploit this by reading uninitialized kernel memory, potentially disclosing sensitive kernel data to user space.
CVSS3: 5.5
| OS | Vendor version | Errata |
|---|---|---|
| Debian 11 | 5.10.249-1 | DLA-4475-1 |
| Debian 11 cloud | 5.10.249-1 | DLA-4475-1 |
| Debian 12 | 6.1.162-1 | DSA-6127-1 |
| OS | Original kernel version | State |
|---|---|---|
| Debian 11 | |
Will Not Fix |
| Debian 11 cloud | |
Will Not Fix |
| Debian 12 | |
Planned |