CVE-2026-46128 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

ipmi: Check event message buffer response for bad data

The event message buffer response data size got checked later when
processing, but check it right after the response comes back. It
appears some BMCs may return an empty message instead of an error
when fetching events.

There are apparently some new BMCs that make this error, so we need to
compensate.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00018.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 2418e4b21fb1355504d095da5d5f0a210564a43d
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 7f7ada72c07a83b46045ddfeee526bd9e2e3c8f0
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 42432b579a594b66ac32e5e7b7c26e6bc578ec89
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 24269264c3d59a49eb09b10af2c75b14f2931482
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 36920f30e78e69df01f9691c470b6f3ba8aebf98

Linux

affected

Version	Status	Constraints
`2.6.12`	affected	—
`0`	unaffected	< 2.6.12
`6.6.140`	unaffected	≤ 6.6.*
`6.12.88`	unaffected	≤ 6.12.*
`6.18.30`	unaffected	≤ 6.18.*
`7.0.7`	unaffected	≤ 7.0.*
`7.1-rc3`	unaffected	≤ *

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Project Subscriptions

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/2418e4b21fb1355504d095da5d5f0a210564a43d
https://git.kernel.org/stable/c/24269264c3d59a49eb09b10af2c75b14f2931482
https://git.kernel.org/stable/c/36920f30e78e69df01f9691c470b6f3ba8aebf98
https://git.kernel.org/stable/c/42432b579a594b66ac32e5e7b7c26e6bc578ec89
https://git.kernel.org/stable/c/7f7ada72c07a83b46045ddfeee526bd9e2e3c8f0

History

Thu, 28 May 2026 13:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-129

Thu, 28 May 2026 10:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: ipmi: Check event message buffer response for bad data The event message buffer response data size got checked later when processing, but check it right after the response comes back. It appears some BMCs may return an empty message instead of an error when fetching events. There are apparently some new BMCs that make this error, so we need to compensate.
Title		ipmi: Check event message buffer response for bad data
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/2418e4b21fb1355504d095da5d5f0a210564a43d https://git.kernel.org/stable/c/24269264c3d59a49eb09b10af2c75b14f2931482 https://git.kernel.org/stable/c/36920f30e78e69df01f9691c470b6f3ba8aebf98 https://git.kernel.org/stable/c/42432b579a594b66ac32e5e7b7c26e6bc578ec89 https://git.kernel.org/stable/c/7f7ada72c07a83b46045ddfeee526bd9e2e3c8f0

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-28T09:35:43.326Z

Updated: 2026-05-28T09:35:43.326Z

Reserved: 2026-05-13T15:03:33.099Z

Link: CVE-2026-46128

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-28T10:16:28.373

Modified: 2026-05-28T13:44:01.663

Link: CVE-2026-46128

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-28T18:30:23Z

Weaknesses

CWE-129

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object