Description
In the Linux kernel, the following vulnerability has been resolved:

ipmi: ipmb: initialise event handler read bytes

IPMB doesn't use i2c reads, but the handler needs to set a value.
Otherwise an i2c read will return an uninitialised value from the bus
driver.
Published: 2026-05-06
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel, the IPMB event handler in the IPMI subsystem fails to initialize a required buffer before performing an I2C read. Because IPMB does not normally use I2C reads, the handler’s oversight causes the bus driver to return whatever data is currently present in the uninitialized buffer. This results in a kernel‑space uninitialized read that could expose sensitive kernel memory contents or create unpredictable kernel behavior, corresponding to CWE‑908.

Affected Systems

The vulnerability is present in any Linux kernel that contains the IPMI IPMB driver. No specific kernel release ranges are listed, so every build with the vulnerable code path is potentially exposed.

Risk and Exploitability

An attacker would need to trigger the IPMB handler, which typically requires local privilege or the ability to load a malicious kernel module. Based on the description, the likely attack vector is local and may involve privilege escalation or kernel module exploitation. The flaw does not provide arbitrary code execution but can leak kernel data and destabilize the system. The EPSS score is < 1% and the CVSS score is 5.5, indicating a moderate severity but a very low probability of exploitation, though the confidentiality impact could be significant if kernel memory is exposed. The vulnerability is not listed in the CISA KEV catalog.

Generated by OpenCVE AI on May 12, 2026 at 21:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install a newer Linux kernel version that includes the IPMB handler read bytes fix, such as the release following commit 102712417bb6aa9a00d852bc59cb0a276db486c4.
  • If an immediate kernel upgrade is not feasible, disable IPMI support at boot or unload the ipmiipmb module to eliminate the vulnerable code path.
  • After applying the fix or disabling IPMI, monitor kernel logs for IPMI‑related errors or abnormal reads to confirm the uninitialized read no longer occurs.

Generated by OpenCVE AI on May 12, 2026 at 21:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-908
CPEs cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Thu, 07 May 2026 04:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-788

Thu, 07 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-909
References

Wed, 06 May 2026 17:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-788

Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ipmi: ipmb: initialise event handler read bytes IPMB doesn't use i2c reads, but the handler needs to set a value. Otherwise an i2c read will return an uninitialised value from the bus driver.
Title ipmi: ipmb: initialise event handler read bytes
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:20:20.815Z

Reserved: 2026-05-01T14:12:55.994Z

Link: CVE-2026-43221

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-06T12:16:41.780

Modified: 2026-05-12T19:09:12.717

Link: CVE-2026-43221

cve-icon Redhat

Severity :

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43221 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T21:45:05Z

Weaknesses