{"id":"AZL-78452","summary":"CVE-2026-22978 affecting package kernel for versions less than 5.15.200.1-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: avoid kernel-infoleak from struct iw_point\n\nstruct iw_point has a 32bit hole on 64bit arches.\n\nstruct iw_point {\n  void __user   *pointer;       /* Pointer to the data  (in user space) */\n  __u16         length;         /* number of fields or size in bytes */\n  __u16         flags;          /* Optional params */\n};\n\nMake sure to zero the structure to avoid disclosing 32bits of kernel data\nto user space.","modified":"2026-04-01T05:23:14.996342Z","published":"2026-01-23T16:15:53Z","upstream":["CVE-2026-22978"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22978"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.15.200.1-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-78452.json"}}],"schema_version":"1.7.5"}