CVE-2026-46128

MEDIUM

ipmi: Check event message buffer response for bad data

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: ipmi: Check event message buffer response for bad data The event message buffer response data size got checked later when processing, but check it right after the response comes back. It appears some BMCs may return an empty message instead of an error when fetching events. There are apparently some new BMCs that make this error, so we need to compensate.

Scores

CVSS v3 5.5
EPSS 0.0013
EPSS Percentile 2.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

Status published
Products (29)
linux/Kernel 2.6.12 - 5.10.258linux
linux/Kernel 5.11.0 - 5.15.209linux
linux/Kernel 5.16.0 - 6.1.175linux
linux/Kernel 6.13.0 - 6.18.30linux
linux/Kernel 6.19.0 - 7.0.7linux
linux/Kernel 6.2.0 - 6.6.140linux
linux/Kernel 6.7.0 - 6.12.88linux
Linux/Linux < 2.6.12
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 01f8387fa5b796f13cf50014c171f6da7abc46ea
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 2418e4b21fb1355504d095da5d5f0a210564a43d
... and 19 more
Published May 28, 2026
Tracked Since May 28, 2026