{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-45930","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-05-13T15:03:33.086Z","datePublished":"2026-05-27T12:17:48.689Z","dateUpdated":"2026-06-19T11:58:46.478Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-06-19T11:58:46.478Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mctp: ensure our nlmsg responses are initialised\n\nSyed Faraz Abrar (@farazsth98) from Zellic, and Pumpkin (@u1f383) from\nDEVCORE Research Team working with Trend Micro Zero Day Initiative\nreport that a RTM_GETNEIGH will return uninitalised data in the pad\nbytes of the ndmsg data.\n\nEnsure we're initialising the netlink data to zero, in the link, addr\nand neigh response messages."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/mctp/device.c","net/mctp/neigh.c","net/mctp/route.c"],"versions":[{"version":"583be982d93479ea3d85091b0fd0b01201ede87d","lessThan":"b37da3ac099e145bcd3be82c745a8d335772e3af","status":"affected","versionType":"git"},{"version":"583be982d93479ea3d85091b0fd0b01201ede87d","lessThan":"c4f840437e7641764de15f2de951ac8335d641f1","status":"affected","versionType":"git"},{"version":"583be982d93479ea3d85091b0fd0b01201ede87d","lessThan":"963537a26fd892f7e414a091f807b44aeee97a7d","status":"affected","versionType":"git"},{"version":"583be982d93479ea3d85091b0fd0b01201ede87d","lessThan":"976612471a9e6ead6ceffc241e4d0a1aac90b36a","status":"affected","versionType":"git"},{"version":"583be982d93479ea3d85091b0fd0b01201ede87d","lessThan":"54ed418de62a148a655262da682a050fa05f7924","status":"affected","versionType":"git"},{"version":"583be982d93479ea3d85091b0fd0b01201ede87d","lessThan":"6fb6a97c86abb8592158088afaea0eb464cf9de1","status":"affected","versionType":"git"},{"version":"583be982d93479ea3d85091b0fd0b01201ede87d","lessThan":"a6a9bc544b675d8b5180f2718ec985ad267b5cbf","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/mctp/device.c","net/mctp/neigh.c","net/mctp/route.c"],"versions":[{"version":"5.15","status":"affected"},{"version":"0","lessThan":"5.15","status":"unaffected","versionType":"semver"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.93","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.35","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","status":"unaffected","versionType":"semver"},{"version":"7.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"5.15.210"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.1.176"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.6.143"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.12.93"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.18.35"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.19.4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"7.0"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/b37da3ac099e145bcd3be82c745a8d335772e3af"},{"url":"https://git.kernel.org/stable/c/c4f840437e7641764de15f2de951ac8335d641f1"},{"url":"https://git.kernel.org/stable/c/963537a26fd892f7e414a091f807b44aeee97a7d"},{"url":"https://git.kernel.org/stable/c/976612471a9e6ead6ceffc241e4d0a1aac90b36a"},{"url":"https://git.kernel.org/stable/c/54ed418de62a148a655262da682a050fa05f7924"},{"url":"https://git.kernel.org/stable/c/6fb6a97c86abb8592158088afaea0eb464cf9de1"},{"url":"https://git.kernel.org/stable/c/a6a9bc544b675d8b5180f2718ec985ad267b5cbf"}],"title":"net: mctp: ensure our nlmsg responses are initialised","x_generator":{"engine":"bippy-1.2.0"}}}}