GHSA-m7mh-8j45-fp89MediumCVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: net: mctp: ensure our nlmsg...
🔗 CVE IDs covered (1)
📋 Description
In the Linux kernel, the following vulnerability has been resolved:
net: mctp: ensure our nlmsg responses are initialised
Syed Faraz Abrar (@farazsth98) from Zellic, and Pumpkin (@u1f383) from DEVCORE Research Team working with Trend Micro Zero Day Initiative report that a RTM_GETNEIGH will return uninitalised data in the pad bytes of the ndmsg data.
Ensure we're initialising the netlink data to zero, in the link, addr and neigh response messages.
🔗 References (9)
- https://nvd.nist.gov/vuln/detail/CVE-2026-45930
- https://git.kernel.org/stable/c/6fb6a97c86abb8592158088afaea0eb464cf9de1
- https://git.kernel.org/stable/c/a6a9bc544b675d8b5180f2718ec985ad267b5cbf
- https://git.kernel.org/stable/c/54ed418de62a148a655262da682a050fa05f7924
- https://git.kernel.org/stable/c/976612471a9e6ead6ceffc241e4d0a1aac90b36a
- https://git.kernel.org/stable/c/963537a26fd892f7e414a091f807b44aeee97a7d
- https://git.kernel.org/stable/c/b37da3ac099e145bcd3be82c745a8d335772e3af
- https://git.kernel.org/stable/c/c4f840437e7641764de15f2de951ac8335d641f1
- https://github.com/advisories/GHSA-m7mh-8j45-fp89