CVE-2026-45930
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/05/2026
Last modified:
25/06/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
net: mctp: ensure our nlmsg responses are initialised<br />
<br />
Syed Faraz Abrar (@farazsth98) from Zellic, and Pumpkin (@u1f383) from<br />
DEVCORE Research Team working with Trend Micro Zero Day Initiative<br />
report that a RTM_GETNEIGH will return uninitalised data in the pad<br />
bytes of the ndmsg data.<br />
<br />
Ensure we&#39;re initialising the netlink data to zero, in the link, addr<br />
and neigh response messages.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.15 (including) | 5.15.210 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.176 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.143 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.93 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.18.35 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.19 (including) | 6.19.4 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/54ed418de62a148a655262da682a050fa05f7924
- https://git.kernel.org/stable/c/6fb6a97c86abb8592158088afaea0eb464cf9de1
- https://git.kernel.org/stable/c/963537a26fd892f7e414a091f807b44aeee97a7d
- https://git.kernel.org/stable/c/976612471a9e6ead6ceffc241e4d0a1aac90b36a
- https://git.kernel.org/stable/c/a6a9bc544b675d8b5180f2718ec985ad267b5cbf
- https://git.kernel.org/stable/c/b37da3ac099e145bcd3be82c745a8d335772e3af
- https://git.kernel.org/stable/c/c4f840437e7641764de15f2de951ac8335d641f1



