CVE-2026-45865 - Vulnerability Details

- mctp i2c: initialise event handler read bytes

Description

In the Linux kernel, the following vulnerability has been resolved:

mctp i2c: initialise event handler read bytes

Set a 0xff value for i2c reads of an mctp-i2c device. Otherwise reads
will return "val" from the i2c bus driver. For i2c-aspeed and
i2c-npcm7xx that is a stack uninitialised u8.

Tested with "i2ctransfer -y 1 r10@0x34" where 0x34 is a mctp-i2c
instance, now it returns all 0xff.

Published: 2026-05-27

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The MCTP‑I2C driver in the Linux kernel is prone to returning an uninitialised byte when an I2C read is performed. Because the driver fails to set the return value to 0xFF, a stack‑allocated byte that was never written to may be leaked to the caller. This results in the disclosure of a single, uncontrolled byte of data, which is insufficient for arbitrary code execution but may aid in memory‑analysis or side‑channel attacks. The weakness is classified as CWE‑908 Uninitialised Information Leak.

Affected Systems

All versions of the Linux kernel that contain the unpatched MCTP‑I2C driver and enable the i2c‑aspeed or i2c‑npcm7xx sub‑drivers are affected. The vendor list includes the general Linux operating system; the CPE indicates the kernel component. No specific version range is supplied, so any kernel build without the fix should be considered vulnerable if the affected driver modules are present.

Risk and Exploitability

Based on the description, it is inferred that an attacker would need the ability to issue I2C read commands against an MCTP device, typically requiring local or physical access to the machine. The EPSS score is under 1 % and the vulnerability is not listed in the CISA KEV catalog, suggesting a low likelihood of exploitation. Although the exposure is limited to a single byte, the need for privileged bus access and the low exploitation probability mean the overall risk is low to moderate.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`f5b8abf9fc3dacd7529d363e26fe8230935d65f8`	affected	< 93e01e837e105299f1c259ef71f6e1ec4fe806e3
`f5b8abf9fc3dacd7529d363e26fe8230935d65f8`	affected	< 11f83253244060b5de5eac787f61ae3f3e559d01
`f5b8abf9fc3dacd7529d363e26fe8230935d65f8`	affected	< fa9861e5c8af7651dddfa8d490aaada17ae33b6c
`f5b8abf9fc3dacd7529d363e26fe8230935d65f8`	affected	< 6ff2ebfef75fbc57d937d8fbe738b967edf2d331
`f5b8abf9fc3dacd7529d363e26fe8230935d65f8`	affected	< 1eeedb310229bfee9dd4d992e5bba33fe1378a8f
`f5b8abf9fc3dacd7529d363e26fe8230935d65f8`	affected	< 2a14e91b6d76639dac70ea170f4384c1ee3cb48d

Linux

affected

Version	Status	Constraints
`5.18`	affected	—
`0`	unaffected	< 5.18
`6.1.165`	unaffected	≤ 6.1.*
`6.6.128`	unaffected	≤ 6.6.*
`6.12.75`	unaffected	≤ 6.12.*
`6.18.14`	unaffected	≤ 6.18.*
`6.19.4`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[f5b8abf9fc3dacd7529d363e26fe8230935d65f8,93e01e837e105299f1c259ef71f6e1ec4fe806e3)`	affected	code_commit	—
`[f5b8abf9fc3dacd7529d363e26fe8230935d65f8,11f83253244060b5de5eac787f61ae3f3e559d01)`	affected	code_commit	—
`[f5b8abf9fc3dacd7529d363e26fe8230935d65f8,fa9861e5c8af7651dddfa8d490aaada17ae33b6c)`	affected	code_commit	—
`[f5b8abf9fc3dacd7529d363e26fe8230935d65f8,6ff2ebfef75fbc57d937d8fbe738b967edf2d331)`	affected	code_commit	—
`[f5b8abf9fc3dacd7529d363e26fe8230935d65f8,1eeedb310229bfee9dd4d992e5bba33fe1378a8f)`	affected	code_commit	—
`[f5b8abf9fc3dacd7529d363e26fe8230935d65f8,2a14e91b6d76639dac70ea170f4384c1ee3cb48d)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`5.18`	affected	generic	—
`[0,5.18)`	unaffected	generic	—
`[6.1.165,6.2.0)`	unaffected	semver	—
`[6.6.128,6.7.0)`	unaffected	semver	—
`[6.12.75,6.13.0)`	unaffected	semver	—
`[6.18.14,6.19.0)`	unaffected	semver	—
`[6.19.4,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade to the latest Linux kernel that implements the fixed MCTP‑I2C driver
If upgrading is not feasible, disable or unload the MCTP‑I2C module or remove unused MCTP devices from the system
Restrict direct access to the I2C bus by tightening device‑node permissions or applying SELinux/AppArmor policies

Generated by OpenCVE AI on May 28, 2026 at 19:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00205.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/11f83253244060b5de5eac787f61ae3f3e559d01
https://git.kernel.org/stable/c/1eeedb310229bfee9dd4d992e5bba33fe1378a8f
https://git.kernel.org/stable/c/2a14e91b6d76639dac70ea170f4384c1ee3cb48d
https://git.kernel.org/stable/c/6ff2ebfef75fbc57d937d8fbe738b967edf2d331
https://git.kernel.org/stable/c/93e01e837e105299f1c259ef71f6e1ec4fe806e3
https://git.kernel.org/stable/c/fa9861e5c8af7651dddfa8d490aaada17ae33b6c
https://lore.kernel.org/linux-cve-announce/2026052711-CVE-2026-45865-87b8@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-45865
https://www.cve.org/CVERecord?id=CVE-2026-45865

History

Thu, 28 May 2026 16:15:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-457

Thu, 28 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-908
References		https://lore.kernel.org/linux-cve-announce/2026052711-CVE-2026-45865-87b8@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-45865 https://www.cve.org/CVERecord?id=CVE-2026-45865

Wed, 27 May 2026 16:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-457

Wed, 27 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: mctp i2c: initialise event handler read bytes Set a 0xff value for i2c reads of an mctp-i2c device. Otherwise reads will return "val" from the i2c bus driver. For i2c-aspeed and i2c-npcm7xx that is a stack uninitialised u8. Tested with "i2ctransfer -y 1 r10@0x34" where 0x34 is a mctp-i2c instance, now it returns all 0xff.
Title		mctp i2c: initialise event handler read bytes
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/11f83253244060b5de5eac787f61ae3f3e559d01 https://git.kernel.org/stable/c/1eeedb310229bfee9dd4d992e5bba33fe1378a8f https://git.kernel.org/stable/c/2a14e91b6d76639dac70ea170f4384c1ee3cb48d https://git.kernel.org/stable/c/6ff2ebfef75fbc57d937d8fbe738b967edf2d331 https://git.kernel.org/stable/c/93e01e837e105299f1c259ef71f6e1ec4fe806e3 https://git.kernel.org/stable/c/fa9861e5c8af7651dddfa8d490aaada17ae33b6c

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-27T12:15:45.082Z

Updated: 2026-05-27T12:15:45.082Z

Reserved: 2026-05-13T15:03:33.080Z

Link: CVE-2026-45865

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:16:58.787

Modified: 2026-06-17T10:52:37.940

Link: CVE-2026-45865

Redhat

Severity :

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-45865 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-28T19:45:25Z

Weaknesses

CWE-908
Use of Uninitialized Resource

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object