CVE-2026-45930

MEDIUM

net: mctp: ensure our nlmsg responses are initialised

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: net: mctp: ensure our nlmsg responses are initialised Syed Faraz Abrar (@farazsth98) from Zellic, and Pumpkin (@u1f383) from DEVCORE Research Team working with Trend Micro Zero Day Initiative report that a RTM_GETNEIGH will return uninitalised data in the pad bytes of the ndmsg data. Ensure we're initialising the netlink data to zero, in the link, addr and neigh response messages.

Scores

CVSS v3 5.5
EPSS 0.0013
EPSS Percentile 2.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

Status published
Products (23)
linux/Kernel 5.15.0 - 5.15.210linux
linux/Kernel 5.16.0 - 6.1.176linux
linux/Kernel 6.13.0 - 6.18.35linux
linux/Kernel 6.19.0 - 6.19.4linux
linux/Kernel 6.2.0 - 6.6.143linux
linux/Kernel 6.7.0 - 6.12.93linux
Linux/Linux < 5.15
Linux/Linux 5.15
Linux/Linux 5.15.210 - 5.15.*
Linux/Linux 583be982d93479ea3d85091b0fd0b01201ede87d - 54ed418de62a148a655262da682a050fa05f7924
... and 13 more
Published May 27, 2026
Tracked Since May 27, 2026