CVE-2026-52985

Source
https://cve.org/CVERecord?id=CVE-2026-52985
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-52985.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-52985
Downstream
Published
2026-06-24T16:28:59.871Z
Modified
2026-07-08T08:13:46.584283311Z
Summary
netdevsim: zero initialize struct iphdr in dummy sk_buff
Details

In the Linux kernel, the following vulnerability has been resolved:

netdevsim: zero initialize struct iphdr in dummy sk_buff

Syzbot reports a KMSAN uninit-value originating from nsimdevtrapskbbuild, with the allocation also being performed in the same function.

Fix this by calling skbputzero instead of skb_put to guarantee zero initialization of the whole IP header.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/52xxx/CVE-2026-52985.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
da58f90f11f597520f226caff1d3cfc115abedc9
Fixed
175556c049eaec14efde8c6475e763b7579b9de7
Fixed
6e2cfd0904976e701d7a76b86b694e72af230ab0
Fixed
1b7b6ae0e93b8d512e208b1378d74af052e4f4e7
Fixed
818f7673ed7f4a29d4b9cee8184c47d6e57162b4
Fixed
978ca6ff789f1f19c03288ac20cc1f4774e88490
Fixed
750d0091bebf44975421268d37484ef87060d263
Fixed
bc6002865e8c4fcf9e94975f7cf023448d8764e2
Fixed
35eaa6d8d6c2ee65e96f507add856e0eacf24591

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-52985.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.4.0
Fixed
5.10.258
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.209
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.175
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.141
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.91
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.33
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.10

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-52985.json"