Description
In the Linux kernel, the following vulnerability has been resolved:

ipmi: Add limits to event and receive message requests

The driver would just fetch events and receive messages until the
BMC said it was done. To avoid issues with BMCs that never say they are
done, add a limit of 10 fetches at a time.

In addition, an si interface has an attn state it can return from the
hardware which is supposed to cause a flag fetch to see if the driver
needs to fetch events or messages or a few other things. If the attn
bit gets stuck, it's a similar problem. So allow messages in between
flag fetches so the driver itself doesn't get stuck.

This is a more general fix than the previous fix for the specific bad
BMC, but should fix the more general issue of a BMC that won't stop
saying it has data.

This has been there from the beginning of the driver. It's not a bug
per se, but it is accounting for bugs in BMCs.
Published: 2026-05-28
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel IPMI driver fetched events and received messages until the Baseboard Management Controller (BMC) reported that it had no more. A BMC that never stops reporting data, or an si interface whose attention (attn) bit is stuck, therefore kept the driver in that fetch loop indefinitely, so it never returned to servicing other IPMI work and the driver itself became stuck. The fix caps each batch at 10 fetches and lets other messages be handled between flag fetches, so a misbehaving BMC can slow the driver down but can no longer wedge it.
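The fetch loop before and after the fix, modelled as a small C simulation. This is an added example, not code from the kernel or the IPMI driver: the BMC model, the host-side bookkeeping, the MAX_FETCHES value of 10 taken from the commit message, and the SIM_BUDGET cap that stands in for "forever" are all constructed for illustration.

```c
#include <stdio.h>
#include <stdbool.h>

/* Constructed BMC model: events_queued < 0 means the BMC reports
 * "more events available" forever (equivalently, a stuck attn bit). */
struct bmc_model {
    int events_queued;
};

/* Constructed host-side state: messages waiting for the driver's attention. */
struct host_state {
    int pending_msgs;
    int msgs_serviced;
    int events_fetched;
};

/* Flag fetch: does the BMC claim to have events for us? */
static bool bmc_reports_events(const struct bmc_model *b)
{
    return b->events_queued != 0;
}

/* One "get event" request against the BMC. */
static void bmc_pop_event(struct bmc_model *b, struct host_state *h)
{
    if (b->events_queued > 0)
        b->events_queued--;
    h->events_fetched++;
}

/* Service one pending host message, if any. */
static void service_host_message(struct host_state *h)
{
    if (h->pending_msgs > 0) {
        h->pending_msgs--;
        h->msgs_serviced++;
    }
}

/* Pre-fix pattern: fetch until the BMC says it is done. SIM_BUDGET is a
 * simulation cap; returning false means the real loop would never exit. */
#define SIM_BUDGET 1000
static bool drain_unbounded(struct bmc_model *b, struct host_state *h)
{
    int iters = 0;
    while (bmc_reports_events(b)) {
        if (++iters > SIM_BUDGET)
            return false;   /* stuck: host messages never get a turn */
        bmc_pop_event(b, h);
    }
    return true;
}

/* Post-fix pattern: at most MAX_FETCHES per pass, then yield to other work. */
#define MAX_FETCHES 10
static void drain_bounded(struct bmc_model *b, struct host_state *h)
{
    int n = 0;
    while (n < MAX_FETCHES && bmc_reports_events(b)) {
        bmc_pop_event(b, h);
        n++;
    }
}

/* Main-loop passes: bounded fetch, one host message, then re-check flags. */
static void run_bounded(struct bmc_model *b, struct host_state *h, int passes)
{
    for (int i = 0; i < passes; i++) {
        drain_bounded(b, h);
        service_host_message(h);
    }
}

/* Stuck BMC, old loop: does the fetch loop ever finish? */
bool stuck_bmc_old_loop_finishes(void)
{
    struct bmc_model b = { -1 };
    struct host_state h = { 5, 0, 0 };
    return drain_unbounded(&b, &h);
}

/* Stuck BMC, new loop: host messages serviced after `passes` passes. */
int stuck_bmc_new_loop_msgs_serviced(int passes)
{
    struct bmc_model b = { -1 };
    struct host_state h = { 5, 0, 0 };
    run_bounded(&b, &h, passes);
    return h.msgs_serviced;
}

/* Stuck BMC, new loop: events fetched, bounded to MAX_FETCHES per pass. */
int stuck_bmc_new_loop_events_fetched(int passes)
{
    struct bmc_model b = { -1 };
    struct host_state h = { 5, 0, 0 };
    run_bounded(&b, &h, passes);
    return h.events_fetched;
}

/* Well-behaved BMC with 3 queued events: both loops fetch exactly 3. */
int sane_bmc_events_fetched(bool bounded)
{
    struct bmc_model b = { 3 };
    struct host_state h = { 0, 0, 0 };
    if (bounded)
        drain_bounded(&b, &h);
    else
        drain_unbounded(&b, &h);
    return h.events_fetched;
}

int main(void)
{
    printf("old loop, stuck BMC, finishes: %s\n",
           stuck_bmc_old_loop_finishes() ? "yes" : "no");
    printf("new loop, stuck BMC, 5 passes: %d events, %d host messages\n",
           stuck_bmc_new_loop_events_fetched(5),
           stuck_bmc_new_loop_msgs_serviced(5));
    return 0;
}
```

With a BMC that never stops asserting data, the old loop never returns and the pending host messages are never serviced; the bounded loop still fetches 10 events per pass (it cannot make a bad BMC stop lying) but hands control back between passes, which is exactly the property the fix is after. Against a well-behaved BMC the two loops fetch the same number of events, so the cap does not change normal behaviour.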

Affected Systems

Systems running a Linux kernel whose IPMI driver predates the fetch limit are potentially affected. The CNA is Linux, and the commit message states that the unbounded behaviour has been present since the driver was first introduced, so every kernel release that has not integrated the limiting commit is in scope. The advisory gives no explicit version range; the NVD CPE entries recorded in the history below include 2.6.12 and its release candidates as well as the 7.1 release candidates.

Risk and Exploitability

The EPSS score is below 1% and the vulnerability is not listed in CISA's KEV catalog, so there is no indication of exploitation in the wild. The condition is triggered by the BMC's behaviour rather than by a request to the host: a BMC that never stops reporting events or messages, or whose attn bit is stuck, keeps the driver in its fetch loop. An attacker would therefore need a BMC that misbehaves in this way, whether through a firmware defect or by compromising the BMC itself; the advisory describes no specific attack route. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, 7.5 High) rates the impact as availability only, consistent with a denial of service against the host's IPMI driver.

Generated by OpenCVE AI on June 10, 2026 at 22:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes the driver changes introduced in one of the commits 3d37d2165df9504ea99d9e6181552dc4d2d1ab37, 67c44e0deba936d5edaebea356b4589eb43acb5c, c024167fb00489baee08c72182ca2e7dc5fb9f20, c4cca236968683eb0d59abfb12d5c7e4d8514227, or e20212b431bef217d3886b86bbc90cc3ed00de68.
  • Ensure that any IPMI firmware or BMC devices are updated to firmware that correctly signals completion of event/message fetches, which reduces the chance of the driver being trapped in a loop.
  • Restrict access to the IPMI interface by configuring network firewall rules or host‑based access controls to limit who can issue commands to the BMC.

Generated by OpenCVE AI on June 10, 2026 at 22:41 UTC.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*

Mon, 01 Jun 2026 17:00:00 +0000


Sat, 30 May 2026 11:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Fri, 29 May 2026 03:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400

Fri, 29 May 2026 00:15:00 +0000


Thu, 28 May 2026 12:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400

Thu, 28 May 2026 10:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ipmi: Add limits to event and receive message requests The driver would just fetch events and receive messages until the BMC said it was done. To avoid issues with BMCs that never say they are done, add a limit of 10 fetches at a time. In addition, an si interface has an attn state it can return from the hardware which is supposed to cause a flag fetch to see if the driver needs to fetch events or message or a few other things. If the attn bit gets stuck, it's a similar problem. So allow messages in between flag fetches so the driver itself doesn't get stuck. This is a more general fix than the previous fix for the specific bad BMC, but should fix the more general issue of a BMC that won't stop saying it has data. This has been there from the beginning of the driver. It's not a bug per-se, but it is accounting for bugs in BMCs.
Title ipmi: Add limits to event and receive message requests
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-14T18:00:26.015Z

Reserved: 2026-05-13T15:03:33.103Z

Link: CVE-2026-46177

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-28T10:16:33.320

Modified: 2026-06-10T21:14:53.460

Link: CVE-2026-46177

Redhat

Severity :

Public Date: 2026-05-28T00:00:00Z

Links: CVE-2026-46177 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-10T22:45:27Z

Weaknesses