Description
In the Linux kernel, the following vulnerability has been resolved:

net: mctp: ensure our nlmsg responses are initialised

Syed Faraz Abrar (@farazsth98) from Zellic, and Pumpkin (@u1f383) from
DEVCORE Research Team working with Trend Micro Zero Day Initiative
report that a RTM_GETNEIGH will return uninitialised data in the pad
bytes of the ndmsg data.

Ensure we're initialising the netlink data to zero, in the link, addr
and neigh response messages.
Published: 2026-05-27
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the Linux kernel’s mctp driver, specifically in its netlink interface. A crafted RTM_GETNEIGH request can elicit a kernel response whose pad bytes of the ndmsg structure are not initialized. This causes uninitialized kernel data to be copied to user space via the netlink reply, potentially revealing arbitrary kernel memory contents. The vulnerability is a form of information disclosure (CWE-824).
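The bug class described above is easy to see in user-space C. The following is an added demonstration, not the kernel's code or the actual fix: it copies the uapi `struct ndmsg` layout into a local `demo_ndmsg` so it builds anywhere, uses a constructed `STALE_BYTE` to stand in for whatever the reply buffer held before the message was built, and contrasts a fill routine that only writes the named fields with one that zeroes the whole header first (`memset`, one way to implement the "initialise to zero" the advisory calls for). The netlink helpers hand back payload space without zeroing it, so `ndm_pad1` and `ndm_pad2`, which are real wire bytes, carry stale contents to user space unless the sender clears them.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Added demonstration (not kernel code): mirrors the uapi struct ndmsg layout
 * from include/uapi/linux/neighbour.h so it compiles on any platform.
 * ndm_pad1 and ndm_pad2 are real wire bytes: whatever they hold is copied to
 * user space with the rest of the header.
 */
struct demo_ndmsg {
    uint8_t  ndm_family;
    uint8_t  ndm_pad1;
    uint16_t ndm_pad2;
    int32_t  ndm_ifindex;
    uint16_t ndm_state;
    uint8_t  ndm_flags;
    uint8_t  ndm_type;
};

/* Constructed marker for "whatever the reply buffer held before". */
#define STALE_BYTE 0x41

/* Buggy pattern: only the semantic fields are written, the pad fields are not. */
static void fill_neigh_unsafe(struct demo_ndmsg *hdr, int ifindex)
{
    hdr->ndm_family  = 0;
    hdr->ndm_ifindex = ifindex;
    hdr->ndm_state   = 0;
    hdr->ndm_flags   = 0;
    hdr->ndm_type    = 0;
}

/* Hardened pattern: zero the whole header before filling it in. */
static void fill_neigh_safe(struct demo_ndmsg *hdr, int ifindex)
{
    memset(hdr, 0, sizeof(*hdr));
    hdr->ndm_family  = 0;
    hdr->ndm_ifindex = ifindex;
    hdr->ndm_state   = 0;
    hdr->ndm_flags   = 0;
    hdr->ndm_type    = 0;
}

/*
 * Simulate a reused reply buffer: pre-fill the header with STALE_BYTE, run the
 * given fill routine, then count pad bytes that still carry the stale value.
 * Returns the number of leaked bytes; 0 means nothing stale reaches user space.
 */
static int leaked_pad_bytes(void (*fill)(struct demo_ndmsg *, int))
{
    struct demo_ndmsg hdr;
    memset(&hdr, STALE_BYTE, sizeof hdr);
    fill(&hdr, 7); /* constructed interface index */

    int leaked = 0;
    if (hdr.ndm_pad1 == STALE_BYTE)
        leaked += 1;
    /* both bytes of ndm_pad2 equal STALE_BYTE, so the value is endian-neutral */
    if (hdr.ndm_pad2 == (uint16_t)((STALE_BYTE << 8) | STALE_BYTE))
        leaked += 2;
    return leaked;
}

int main(void)
{
    printf("unsafe fill leaks %d pad byte(s)\n", leaked_pad_bytes(fill_neigh_unsafe));
    printf("safe fill leaks %d pad byte(s)\n", leaked_pad_bytes(fill_neigh_safe));
    return 0;
}
```

The unsafe routine leaks all three pad bytes; the zeroed one leaks none. The same check applies to any header struct with explicit pad or reserved fields that is copied out whole: audit for a `memset`, a zeroing allocator, or a full designated initializer before the fields are set.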

Affected Systems

All Linux kernel versions that contain the mctp driver before the commit that zero‑initialises the nlmsg responses are affected. No specific version numbers are listed in the advisory, so the flaw may exist in any kernel prior to those commits referenced.

Risk and Exploitability

No CVSS score is published and the EPSS score indicates a very low probability of exploitation (<1%). The vulnerability is not listed in the CISA KEV catalog. The risk depends on an attacker’s ability to send a malicious RTM_GETNEIGH request and the presence of uninitialized data in the reply. Because the likelihood of exploitation is currently unknown and no exploit has been publicly disclosed, the overall risk is uncertain but the potential for confidential data leakage warrants timely remediation. It is inferred that elevated privileges may be required to generate the request, but this is not explicitly confirmed.

Generated by OpenCVE AI on May 28, 2026 at 15:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a Linux kernel version that includes the commit that zero‑initialises nlmsg responses for the mctp driver.
  • If a kernel upgrade is not immediately possible, limit access to the mctp netlink interface to privileged users (e.g., restrict CAP_NET_ADMIN or configure AppArmor/SELinux policies).
  • Monitor system logs and netlink activity for abnormal behavior and apply the patch as soon as possible.

Advisories

No advisories yet.

History

Thu, 28 May 2026 14:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
CWE-254

Thu, 28 May 2026 12:15:00 +0000


Wed, 27 May 2026 22:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
CWE-254

Wed, 27 May 2026 14:15:00 +0000

Type / Values Removed / Values Added (initial record: no values removed, all values added)
Description (added): In the Linux kernel, the following vulnerability has been resolved: net: mctp: ensure our nlmsg responses are initialised Syed Faraz Abrar (@farazsth98) from Zellic, and Pumpkin (@u1f383) from DEVCORE Research Team working with Trend Micro Zero Day Initiative report that a RTM_GETNEIGH will return uninitalised data in the pad bytes of the ndmsg data. Ensure we're initialising the netlink data to zero, in the link, addr and neigh response messages.
Title (added): net: mctp: ensure our nlmsg responses are initialised
First Time appeared (added): Linux, Linux linux Kernel
CPEs (added): cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products (added): Linux, Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:17:48.689Z

Reserved: 2026-05-13T15:03:33.086Z

Link: CVE-2026-45930

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:08.947

Modified: 2026-05-27T14:48:03.013

Link: CVE-2026-45930

Redhat

Severity:

Public Date: 2026-05-27T00:00:00Z

Links: CVE-2026-45930 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-28T15:30:05Z

Weaknesses