Description
In the Linux kernel, the following vulnerability has been resolved:

netdevsim: zero initialize struct iphdr in dummy sk_buff

Syzbot reports a KMSAN uninit-value originating from
nsim_dev_trap_skb_build, with the allocation also
being performed in the same function.

Fix this by calling skb_put_zero instead of skb_put to
guarantee zero initialization of the whole IP header.
Published: 2026-06-24
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel’s netdevsim module fails to zero the struct iphdr inside dummy sk_buff objects, causing uninitialized IP header fields, a use‑of flaw and an untrusted input that can lead to operational failure (CWE‑824). Syzbot has identified a KMSAN uninitialized-value error originating from nsim_dev_trap_skb_build. Because the header is not properly set, dummy packet processing may introduce malformed IP headers into the kernel, potentially leading to crashes, undefined behavior, or kernel instability.

Affected Systems

All Linux kernel installations that include the netdevsim module before commit 175556c049eaec14efde8c6475e763b7579b9de7 are vulnerable. This includes standard kernel builds from Linux distributions that ship the original upstream kernel source without this patch. Kernel versions that contain the fix or later commits are considered secure.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, and the EPSS score of less than 1% suggests a low probability of exploitation. The vulnerability is not KEV catalog. The attack likely requires local or privileged access to load or configure a netdevsim dummy network interface, as the flaw is triggered when the module is active and packets are built. Exploitation would involve crafting dummy packets that expose the uninitialized header, potentially causing kernel instability. In, the likelihood of exploitation remains low, but the impact on kernel stability is significant if a successful exploit occurs.

Generated by OpenCVE AI on June 26, 2026 at 05:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply kernel update that includes commit 175556c049eaec14efde8c6475e763b7579b9de7 or newer
  • Disable or unload the netdevsim module if dummy device functionality is not required (e.g., modprobe -r netdevsim)
  • Remove any existing dummy network interfaces and avoid creating new ones; monitor system logs for kernel panics or anomalous packet activity

Generated by OpenCVE AI on June 26, 2026 at 05:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4664-1 linux security update
Debian DLA Debian DLA DLA-4665-1 linux security update
Debian DLA Debian DLA DLA-4671-1 linux-6.1 security update
History

Fri, 26 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-457

Fri, 26 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-824
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Wed, 24 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-457

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: netdevsim: zero initialize struct iphdr in dummy sk_buff Syzbot reports a KMSAN uninit-value originating from nsim_dev_trap_skb_build, with the allocation also being performed in the same function. Fix this by calling skb_put_zero instead of skb_put to guarantee zero initialization of the whole IP header.
Title netdevsim: zero initialize struct iphdr in dummy sk_buff
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-24T16:28:59.871Z

Reserved: 2026-06-09T07:44:35.376Z

Link: CVE-2026-52985

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Low

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-52985 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T05:30:17Z

Weaknesses
  • CWE-824

    Access of Uninitialized Pointer