CVE-2026-23367: Access of Uninitialized Pointer in Linux

Severity: 5.5 MEDIUM (No vector)
EPSS: 0.0% (top 90.94%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 25

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: radiotap: reject radiotap with unknown bits

The radiotap parser is currently only used with the radiotap namespace (not with vendor namespaces), but if the undefined field 18 is used, the alignment/size is unknown as well. In this case, iterator->_next_ns_data isn't initialized (it's only set for skipping vendor namespaces), and syzbot points out that we later compare against this uninitialized value.

Fix this by moving

Affected Packages (5 packages)

Linux | linux/linux_kernel | 2.6.34, 6.1.167 (+4)
Debian | linux/linux_kernel | < 6.19.8-1
CVEListV5 | linux/linux | 33e5a2f776e331dc8a4379b6efb660d38f182d96, 703fa979badbba83d31cd011606d060bfb8b0d1d (+6)
debian | debian/linux | < linux 6.19.8-1 (forky)

🔴 Vulnerability Details (3)

OSV: wifi: radiotap: reject radiotap with unknown bits (2026-03-25)
OSV: CVE-2026-23367: In the Linux kernel, the following vulnerability has been resolved: wifi: radiotap: reject radiotap with unknown bits The radiotap parser is currently (2026-03-25)
GHSA: GHSA-mg4x-3g76-43w7: In the Linux kernel, the following vulnerability has been resolved: wifi: radiotap: reject radiotap with unknown bits The radiotap parser is current (2026-03-25)

📋 Vendor Advisories (3)

Red Hat: CVE-2026-23367: In the Linux kernel, the following vulnerability has been resolved: wifi: radiotap: reject radiotap with unknown bits The radiotap parser is currently (2026-03-25)
Microsoft: wifi: radiotap: reject radiotap with unknown bits (2026-03-10)
Debian: CVE-2026-23367: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: radio... (2026)

🕵️ Threat Intelligence (1)

Wiz: CVE-2026-23367 Impact, Exploitability, and Mitigation Steps | Wiz