CVE-2026-45930
Published: May 29, 2026
Last modified: June 24, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

net: mctp: ensure our nlmsg responses are initialised

Syed Faraz Abrar (@farazsth98) from Zellic, and Pumpkin (@u1f383) from DEVCORE Research Team working with Trend Micro Zero Day Initiative report that a RTM_GETNEIGH will return uninitialised data in the pad bytes of the ndmsg data.

Ensure we're initialising the netlink data to zero, in the link, addr and neigh response messages.
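The bug class described above, as an added userspace illustration (not the kernel patch and not code from the referenced commits): a header filled field by field keeps whatever was in memory under its pad bytes, while zeroing it first does not. `struct ndmsg_mirror` is a local copy of the UAPI `struct ndmsg` layout; the helper names, the 0xAA stale marker and the ifindex value are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define STALE 0xAA  /* constructed marker standing in for old memory contents */

/* Local copy of the UAPI struct ndmsg layout, so no kernel headers are needed. */
struct ndmsg_mirror {
    uint8_t  ndm_family;
    uint8_t  ndm_pad1;    /* pad byte */
    uint16_t ndm_pad2;    /* pad bytes */
    int32_t  ndm_ifindex;
    uint16_t ndm_state;
    uint8_t  ndm_flags;
    uint8_t  ndm_type;
};

/* Unsafe pattern: every named field is assigned, the pad fields are not. */
static void fill_fieldwise(struct ndmsg_mirror *h, int ifindex)
{
    h->ndm_family = 45;   /* AF_MCTP */
    h->ndm_ifindex = ifindex;
    h->ndm_state = 0;
    h->ndm_flags = 0;
    h->ndm_type = 0;
}

/* Hardened pattern: zero the whole header, then assign the fields. */
static void fill_zeroed(struct ndmsg_mirror *h, int ifindex)
{
    memset(h, 0, sizeof(*h));
    fill_fieldwise(h, ifindex);
}

/* Fill a header that sits on stale memory; count stale bytes left in it. */
static int leaked_bytes(void (*fill)(struct ndmsg_mirror *, int))
{
    struct ndmsg_mirror h;
    const unsigned char *p = (const unsigned char *)&h;
    int n = 0;
    memset(&h, STALE, sizeof(h));
    fill(&h, 2);          /* constructed ifindex */
    for (size_t i = 0; i < sizeof(h); i++) n += (p[i] == STALE);
    return n;
}

int main(void)
{
    printf("fieldwise=%d zeroed=%d\n", leaked_bytes(fill_fieldwise), leaked_bytes(fill_zeroed));
    return 0;
}
```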
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Vulnerable (6.1.170-r0) |
| Alpaquita Linux | 25 LTS | linux-lts | Vulnerable (6.12.87-r0) |
| Alpaquita Linux | Stream | linux-lts | Fixed (6.18.35-r1) |
References
- https://git.kernel.org/stable/c/54ed418de62a148a655262da682a050fa05f7924
- https://git.kernel.org/stable/c/6fb6a97c86abb8592158088afaea0eb464cf9de1
- https://git.kernel.org/stable/c/963537a26fd892f7e414a091f807b44aeee97a7d
- https://git.kernel.org/stable/c/976612471a9e6ead6ceffc241e4d0a1aac90b36a
- https://git.kernel.org/stable/c/a6a9bc544b675d8b5180f2718ec985ad267b5cbf
- https://git.kernel.org/stable/c/b37da3ac099e145bcd3be82c745a8d335772e3af
- https://git.kernel.org/stable/c/c4f840437e7641764de15f2de951ac8335d641f1