CVE-2026-45930

Source
https://cve.org/CVERecord?id=CVE-2026-45930
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45930.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-45930
Downstream
Published
2026-05-27T12:17:48.689Z
Modified
2026-07-15T01:48:55.113643976Z
Summary
net: mctp: ensure our nlmsg responses are initialised
Details

In the Linux kernel, the following vulnerability has been resolved:

net: mctp: ensure our nlmsg responses are initialised

Syed Faraz Abrar (@farazsth98) from Zellic, and Pumpkin (@u1f383) from DEVCORE Research Team working with Trend Micro Zero Day Initiative report that a RTM_GETNEIGH will return uninitalised data in the pad bytes of the ndmsg data.

Ensure we're initialising the netlink data to zero, in the link, addr and neigh response messages.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45930.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
583be982d93479ea3d85091b0fd0b01201ede87d
Fixed
b37da3ac099e145bcd3be82c745a8d335772e3af
Fixed
c4f840437e7641764de15f2de951ac8335d641f1
Fixed
963537a26fd892f7e414a091f807b44aeee97a7d
Fixed
976612471a9e6ead6ceffc241e4d0a1aac90b36a
Fixed
54ed418de62a148a655262da682a050fa05f7924
Fixed
6fb6a97c86abb8592158088afaea0eb464cf9de1
Fixed
a6a9bc544b675d8b5180f2718ec985ad267b5cbf

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45930.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.15.0
Fixed
5.15.210
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.176
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.143
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.93
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.35
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45930.json"