CVE-2026-45930
MEDIUMnet: mctp: ensure our nlmsg responses are initialised
Title source: cnaDescription
In the Linux kernel, the following vulnerability has been resolved: net: mctp: ensure our nlmsg responses are initialised Syed Faraz Abrar (@farazsth98) from Zellic, and Pumpkin (@u1f383) from DEVCORE Research Team working with Trend Micro Zero Day Initiative report that a RTM_GETNEIGH will return uninitalised data in the pad bytes of the ndmsg data. Ensure we're initialising the netlink data to zero, in the link, addr and neigh response messages.
References (7)
Core 7
Core References
Scores
CVSS v3
5.5
EPSS
0.0013
EPSS Percentile
2.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
Status
published
Products (23)
linux/Kernel
5.15.0 - 5.15.210linux
linux/Kernel
5.16.0 - 6.1.176linux
linux/Kernel
6.13.0 - 6.18.35linux
linux/Kernel
6.19.0 - 6.19.4linux
linux/Kernel
6.2.0 - 6.6.143linux
linux/Kernel
6.7.0 - 6.12.93linux
Linux/Linux
< 5.15
Linux/Linux
5.15
Linux/Linux
5.15.210 - 5.15.*
Linux/Linux
583be982d93479ea3d85091b0fd0b01201ede87d - 54ed418de62a148a655262da682a050fa05f7924
... and 13 more
Published
May 27, 2026
Tracked Since
May 27, 2026