In the Linux kernel, the following vulnerability has been resolved:
net: mctp: ensure our nlmsg responses are initialised
Syed Faraz Abrar (@farazsth98) from Zellic, and Pumpkin (@u1f383) from
DEVCORE Research Team working with Trend Micro Zero Day Initiative
report that a RTM_GETNEIGH will return uninitalised data in the pad
bytes of the ndmsg data.
Ensure we're initialising the netlink data to zero, in the link, addr
and neigh response messages.
net: mctp: ensure our nlmsg responses are initialised
Syed Faraz Abrar (@farazsth98) from Zellic, and Pumpkin (@u1f383) from
DEVCORE Research Team working with Trend Micro Zero Day Initiative
report that a RTM_GETNEIGH will return uninitalised data in the pad
bytes of the ndmsg data.
Ensure we're initialising the netlink data to zero, in the link, addr
and neigh response messages.
Advisories
| Source | ID | Title |
|---|---|---|
Debian DLA |
DLA-4665-1 | linux security update |
Debian DLA |
DLA-4671-1 | linux-6.1 security update |
Debian DSA |
DSA-6355-1 | linux security update |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Fri, 19 Jun 2026 12:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Tue, 09 Jun 2026 11:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Thu, 28 May 2026 14:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-200 CWE-254 |
Thu, 28 May 2026 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-824 | |
| References |
|
Wed, 27 May 2026 22:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-200 CWE-254 |
Wed, 27 May 2026 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | In the Linux kernel, the following vulnerability has been resolved: net: mctp: ensure our nlmsg responses are initialised Syed Faraz Abrar (@farazsth98) from Zellic, and Pumpkin (@u1f383) from DEVCORE Research Team working with Trend Micro Zero Day Initiative report that a RTM_GETNEIGH will return uninitalised data in the pad bytes of the ndmsg data. Ensure we're initialising the netlink data to zero, in the link, addr and neigh response messages. | |
| Title | net: mctp: ensure our nlmsg responses are initialised | |
| First Time appeared |
Linux
Linux linux Kernel |
|
| CPEs | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Linux
Linux linux Kernel |
|
| References |
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: Linux
Published:
Updated: 2026-06-19T11:58:46.478Z
Reserved: 2026-05-13T15:03:33.086Z
Link: CVE-2026-45930
No data.
Status : Awaiting Analysis
Published: 2026-05-27T14:17:08.947
Modified: 2026-06-17T10:52:44.890
Link: CVE-2026-45930
OpenCVE Enrichment
Updated: 2026-05-28T15:30:05Z
Weaknesses
Debian DLA
Debian DSA