#VU124465 Use of Uninitialized Variable in Linux kernel - CVE-2026-23367


Published: March 25, 2026


Vulnerability identifier: #VU124465
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-23367
CWE-ID: CWE-457
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: Linux kernel
Software vendor: Linux Foundation

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to missing initialization in the kernel's radiotap parser when it processes a radiotap header whose presence bitmap includes a field that the standard namespace does not define. A local user can supply a specially crafted radiotap header with undefined field 18 set to trigger a read of uninitialized memory and potentially execute arbitrary code.

The root cause is that iterator->_next_ns_data is never assigned when the parser encounters an undefined field in the standard radiotap namespace, so later checks in the iterator consume whatever value the uninitialized member happens to hold.
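The following is an added illustration of the defect class the advisory names (CWE-457), not code from the Linux kernel or from the advisory's author. It models a radiotap-style iterator in a deliberately simplified form: a 4-byte presence bitmap followed by field bytes, a field-size table in which bit 18 is undefined, and an iterator member named _next_ns_data after the advisory. The struct, function names, header layout and sample bytes are all constructed assumptions. The point it demonstrates is the mitigation: every member a later check can read is given a defined value in the initializer, and an undefined field stops the walk before any check that would consult _next_ns_data.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of a radiotap-style iterator. The member name
 * _next_ns_data echoes the advisory; nothing here reproduces the kernel's
 * net/wireless/radiotap.c. */
struct rt_iter {
	const uint8_t *arg;           /* cursor into the field data */
	const uint8_t *end;           /* one past the last header byte */
	const uint8_t *_next_ns_data; /* start of the next namespace, or NULL */
	uint32_t bitmap;              /* presence bitmap, consumed LSB first */
	int arg_index;                /* bit number of the next field to visit */
	int this_arg_index;           /* bit number of the field just returned */
	int this_arg_size;
};

/* Byte sizes of the standard-namespace fields this model knows. 0 marks
 * "undefined"; bit 18 is deliberately undefined, as in the advisory.
 * Real radiotap also has alignment rules, which the model omits. */
static const uint8_t std_field_size[32] = {
	[0] = 8, /* TSFT */
	[1] = 1, /* Flags */
	[2] = 1, /* Rate */
	[3] = 4, /* Channel */
	[5] = 1, /* dBm antenna signal */
};

/* Model header layout: 4-byte little-endian presence bitmap, then fields. */
int rt_iter_init(struct rt_iter *it, const uint8_t *hdr, size_t len)
{
	/* Zero the whole iterator first so that every member a later check
	 * may read has a defined value, whatever path rt_iter_next() takes. */
	memset(it, 0, sizeof(*it));
	if (len < 4)
		return -EINVAL;
	it->bitmap = (uint32_t)hdr[0] | (uint32_t)hdr[1] << 8 |
		     (uint32_t)hdr[2] << 16 | (uint32_t)hdr[3] << 24;
	it->arg = hdr + 4;
	it->end = hdr + len;
	it->_next_ns_data = NULL; /* explicit: no vendor namespace seen yet */
	return 0;
}

/* Advance to the next present field. Returns the field's bit number,
 * -ENOENT when the bitmap is exhausted, or -EINVAL for a malformed header. */
int rt_iter_next(struct rt_iter *it)
{
	while (it->arg_index < 32) {
		int bit = it->arg_index++;

		if (!(it->bitmap & (1u << bit)))
			continue;

		/* An undefined field has an unknown length, so the cursor cannot
		 * be moved past it. Stop here, before any check that consults
		 * _next_ns_data, instead of guessing. */
		if (std_field_size[bit] == 0)
			return -EINVAL;

		if (it->end - it->arg < std_field_size[bit])
			return -EINVAL; /* field would run past the header */

		/* Only consult _next_ns_data when it has actually been set. */
		if (it->_next_ns_data && it->arg >= it->_next_ns_data)
			return -EINVAL;

		it->this_arg_index = bit;
		it->this_arg_size = std_field_size[bit];
		it->arg += std_field_size[bit];
		return bit;
	}
	return -ENOENT;
}

/* Walk a whole header; returns the number of fields visited or the first
 * error code. */
int rt_count_fields(const uint8_t *hdr, size_t len)
{
	struct rt_iter it;
	int n = 0;
	int rc = rt_iter_init(&it, hdr, len);

	if (rc)
		return rc;
	while ((rc = rt_iter_next(&it)) >= 0)
		n++;
	return rc == -ENOENT ? n : rc;
}

/* Constructed sample headers, not captured traffic. */
int rt_demo_defined_fields(void)
{
	/* bits 1 (Flags) and 2 (Rate) present, one byte each */
	static const uint8_t hdr[] = { 0x06, 0x00, 0x00, 0x00, 0x10, 0x02 };
	return rt_count_fields(hdr, sizeof hdr);
}

int rt_demo_undefined_bit18(void)
{
	/* bits 1 and 18 present; bit 18 is undefined in the standard namespace */
	static const uint8_t hdr[] = { 0x02, 0x00, 0x04, 0x00, 0x10 };
	return rt_count_fields(hdr, sizeof hdr);
}

int rt_demo_truncated(void)
{
	/* bit 0 (TSFT, 8 bytes) present but only 2 data bytes follow */
	static const uint8_t hdr[] = { 0x01, 0x00, 0x00, 0x00, 0xaa, 0xbb };
	return rt_count_fields(hdr, sizeof hdr);
}
```

The memset in rt_iter_init is the whole of the mitigation: with it, the undefined-field path can only ever see a NULL _next_ns_data, and the guarded comparison turns a read of stale memory into a deterministic branch. In a kernel build, the same class of bug is what KMSAN reports and what CONFIG_INIT_STACK_ALL_ZERO (the compiler's -ftrivial-auto-var-init=zero) papers over for stack-resident iterators; neither substitutes for initializing the member where it is declared.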


Remediation

Install security update from vendor's repository.

External links