CVE-2026-46108 - Vulnerability Details

- ipmi:si: Return state to normal if message allocation fails

Description

In the Linux kernel, the following vulnerability has been resolved:

ipmi:si: Return state to normal if message allocation fails

There were places where nothing would get started if a message
allocation failed, so the driver needs to return to normal state.

Published: 2026-05-28

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A flaw in the Linux kernel’s IPMI silicon interface driver causes the module to stall if it fails to allocate memory for a message, leaving the driver unable to process further IPMI commands. The failure to recover and release allocated resources results in a denial of service within the IPMI subsystem, and can degrade overall system stability. This weakness is classified as CWE‑372 (Imprecise or Incorrect Error Handling).

Affected Systems

All Linux distributions that ship the default ipmi_si kernel module are impacted. The issue is confined to the kernel-level IPMI silicon interface code and does not depend on third‑party hardware vendors or user space applications.

Risk and Exploitability

The public CVSS score is not available. EPSS indicates a very low exploitation probability (< 1%) and the vulnerability is not listed in CISA KEV. Based on the description, it is inferred that exploitation would require a local privileged user or an attacker able to induce a kernel‑space memory allocation failure, making remote exploitation unlikely without prior escalation. The risk is therefore considered moderate; systems should address the defect promptly.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< c204fab7f76a055eac346e3b1a75c6b4bb99600e
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< ab48817aebe4d831f87d4da6f94f50498c130d9e
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 9c6ded95ac6281e390d167637ccbde6cea2ba1ae
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< ce905b65e649eee378a0f37e8219f1d70efb3007
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 88881dc1da86064f479378bc9d0a4956c3d0bb12
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< bc13fce9eeec88c4950924754c3347c6dc66ff4c
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< ba60140d4133231b49185ac8bf6e54f318d3134e
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 09dd798270ff582d7309f285d4aaf5dbebae01cb

Linux

affected

Version	Status	Constraints
`2.6.12`	affected	—
`0`	unaffected	< 2.6.12
`5.10.258`	unaffected	≤ 5.10.*
`5.15.209`	unaffected	≤ 5.15.*
`6.1.175`	unaffected	≤ 6.1.*
`6.6.140`	unaffected	≤ 6.6.*
`6.12.88`	unaffected	≤ 6.12.*
`6.18.30`	unaffected	≤ 6.18.*
`7.0.7`	unaffected	≤ 7.0.*
`7.1`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,ce905b65e649eee378a0f37e8219f1d70efb3007)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,88881dc1da86064f479378bc9d0a4956c3d0bb12)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,bc13fce9eeec88c4950924754c3347c6dc66ff4c)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,ba60140d4133231b49185ac8bf6e54f318d3134e)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,09dd798270ff582d7309f285d4aaf5dbebae01cb)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`2.6.12`	affected	semver	—
`[0,2.6.12)`	unaffected	semver	—
`[6.6.140,6.7.0)`	unaffected	semver	—
`[6.12.88,6.13.0)`	unaffected	semver	—
`[6.18.30,6.19.0)`	unaffected	semver	—
`[7.0.7,7.1.0)`	unaffected	semver	—
`[7.1-rc3,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Linux kernel to a version that includes the patch correcting the allocation‑failure handling in the ipmi_si driver (CWE‑372).
If upgrading immediately is not possible, unload or blacklist the ipmi_si module to disable the IPMI silicon interface, thereby preventing driver stalls.
Restrict network traffic to IPMI endpoints by configuring firewall rules or disabling the IPMI service, reducing the surface area for potential attack vectors.

Generated by OpenCVE AI on May 29, 2026 at 06:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00176.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/09dd798270ff582d7309f285d4aaf5dbebae01cb
https://git.kernel.org/stable/c/88881dc1da86064f479378bc9d0a4956c3d0bb12
https://git.kernel.org/stable/c/9c6ded95ac6281e390d167637ccbde6cea2ba1ae
https://git.kernel.org/stable/c/ab48817aebe4d831f87d4da6f94f50498c130d9e
https://git.kernel.org/stable/c/ba60140d4133231b49185ac8bf6e54f318d3134e
https://git.kernel.org/stable/c/bc13fce9eeec88c4950924754c3347c6dc66ff4c
https://git.kernel.org/stable/c/c204fab7f76a055eac346e3b1a75c6b4bb99600e
https://git.kernel.org/stable/c/ce905b65e649eee378a0f37e8219f1d70efb3007
https://lore.kernel.org/linux-cve-announce/2026052812-CVE-2026-46108-f4ff@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-46108
https://www.cve.org/CVERecord?id=CVE-2026-46108

History

Mon, 01 Jun 2026 17:00:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/9c6ded95ac6281e390d167637ccbde6cea2ba1ae https://git.kernel.org/stable/c/ab48817aebe4d831f87d4da6f94f50498c130d9e https://git.kernel.org/stable/c/c204fab7f76a055eac346e3b1a75c6b4bb99600e

Fri, 29 May 2026 05:00:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-775

Fri, 29 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-372
References		https://lore.kernel.org/linux-cve-announce/2026052812-CVE-2026-46108-f4ff@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-46108 https://www.cve.org/CVERecord?id=CVE-2026-46108

Thu, 28 May 2026 12:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-775

Thu, 28 May 2026 10:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: ipmi:si: Return state to normal if message allocation fails There were places where nothing would get started if a message allocation failed, so the driver needs to return to normal state.
Title		ipmi:si: Return state to normal if message allocation fails
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/09dd798270ff582d7309f285d4aaf5dbebae01cb https://git.kernel.org/stable/c/88881dc1da86064f479378bc9d0a4956c3d0bb12 https://git.kernel.org/stable/c/ba60140d4133231b49185ac8bf6e54f318d3134e https://git.kernel.org/stable/c/bc13fce9eeec88c4950924754c3347c6dc66ff4c https://git.kernel.org/stable/c/ce905b65e649eee378a0f37e8219f1d70efb3007

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-28T09:35:14.978Z

Updated: 2026-06-14T17:55:01.962Z

Reserved: 2026-05-13T15:03:33.098Z

Link: CVE-2026-46108

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-28T10:16:26.190

Modified: 2026-06-01T17:17:24.480

Link: CVE-2026-46108

Redhat

Severity :

Publid Date: 2026-05-28T00:00:00Z

Links: CVE-2026-46108 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-29T06:30:37Z

Weaknesses

CWE-372
Incomplete Internal State Distinction

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object