Use of Uninitialized Variable in Linux kernel - CVE-2026-52937
Published: June 25, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists due to an information leak from uninitialized stack memory in tap_ioctl() when handling the SIOCGIFHWADDR ioctl request. A local user can issue a crafted ioctl request to disclose sensitive information.
The leaked data may include kernel .text and direct-map pointers, which can defeat KASLR.
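The bug class described above, as an added userspace model (not the kernel's tap_ioctl() code, which this page does not show): a handler fills only part of a sockaddr-shaped reply and copies the whole struct out, next to the form that zeroes it first. The struct name, handler names, and the assumption that the unwritten bytes are the tail of the 14-byte address field after a 6-byte hardware address are illustrative; the stale stack contents are simulated with a constructed marker byte.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HWADDR_LEN  6     /* Ethernet hardware address length */
#define SA_DATA_LEN 14    /* size of sockaddr.sa_data */
#define STALE       0xA5  /* constructed marker standing in for old stack bytes */

/* Same shape as struct sockaddr: 2-byte family plus 14 data bytes. */
struct model_sockaddr {
    uint16_t family;
    uint8_t  data[SA_DATA_LEN];
};

typedef void (*handler_fn)(struct model_sockaddr *slot, const uint8_t *mac,
                           struct model_sockaddr *user_out);

/* Vulnerable form: writes the fields it knows, copies out the whole slot. */
static void get_hwaddr_vulnerable(struct model_sockaddr *slot,
                                  const uint8_t *mac,
                                  struct model_sockaddr *user_out)
{
    slot->family = 1;                        /* 1 = ARPHRD_ETHER */
    memcpy(slot->data, mac, HWADDR_LEN);     /* data[6..13] left untouched */
    memcpy(user_out, slot, sizeof(*slot));   /* stands in for copy_to_user() */
}

/* Hardened form: clear the whole slot before filling any field. */
static void get_hwaddr_fixed(struct model_sockaddr *slot, const uint8_t *mac,
                             struct model_sockaddr *user_out)
{
    memset(slot, 0, sizeof(*slot));
    slot->family = 1;
    memcpy(slot->data, mac, HWADDR_LEN);
    memcpy(user_out, slot, sizeof(*slot));
}

/* Count stale bytes that reach the caller past the hardware address. */
static size_t leaked_bytes(handler_fn handler)
{
    static const uint8_t mac[HWADDR_LEN] = {0x02, 0, 0, 0, 0, 0x01};
    struct model_sockaddr slot, out;
    size_t n = 0;

    memset(&slot, STALE, sizeof(slot));      /* simulate leftover stack data */
    memset(&out, 0, sizeof(out));
    handler(&slot, mac, &out);
    for (size_t i = HWADDR_LEN; i < SA_DATA_LEN; i++)
        n += (out.data[i] == STALE);
    return n;
}

int main(void)
{
    printf("vulnerable: %zu stale bytes\n", leaked_bytes(get_hwaddr_vulnerable));
    printf("fixed:      %zu stale bytes\n", leaked_bytes(get_hwaddr_fixed));
    return 0;
}
```

When reviewing ioctl handlers for this pattern, check that any stack struct passed to a copy-out call is fully initialized, including padding and the unused tail of fixed-size address fields.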