CVE-2026-45930

In the Linux kernel, the following vulnerability has been resolved: net: mctp: ensure our nlmsg responses are initialised Syed Faraz Ab...

Published: 2026-05-27 · Last updated: 2026-06-09

Severity and scoring

Description

In the Linux kernel, the following vulnerability has been resolved: net: mctp: ensure our nlmsg responses are initialised Syed Faraz Abrar (@farazsth98) from Zellic, and Pumpkin (@u1f383) from DEVCORE Research Team working with Trend Micro Zero Day Initiative report that a RTM_GETNEIGH will return uninitalised data in the pad bytes of the ndmsg data. Ensure we're initialising the netlink data to zero, in the link, addr and neigh response messages.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-45930
[Other]https://git.kernel.org/stable/c/54ed418de62a148a655262da682a050fa05f7924
[Other]https://git.kernel.org/stable/c/6fb6a97c86abb8592158088afaea0eb464cf9de1
[Other]https://git.kernel.org/stable/c/976612471a9e6ead6ceffc241e4d0a1aac90b36a
[Other]https://git.kernel.org/stable/c/a6a9bc544b675d8b5180f2718ec985ad267b5cbf