{"id":"CVE-2026-45930","summary":"net: mctp: ensure our nlmsg responses are initialised","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mctp: ensure our nlmsg responses are initialised\n\nSyed Faraz Abrar (@farazsth98) from Zellic, and Pumpkin (@u1f383) from\nDEVCORE Research Team working with Trend Micro Zero Day Initiative\nreport that a RTM_GETNEIGH will return uninitalised data in the pad\nbytes of the ndmsg data.\n\nEnsure we're initialising the netlink data to zero, in the link, addr\nand neigh response messages.","modified":"2026-07-15T01:48:55.113643976Z","published":"2026-05-27T12:17:48.689Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45930.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/54ed418de62a148a655262da682a050fa05f7924"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6fb6a97c86abb8592158088afaea0eb464cf9de1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/963537a26fd892f7e414a091f807b44aeee97a7d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/976612471a9e6ead6ceffc241e4d0a1aac90b36a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a6a9bc544b675d8b5180f2718ec985ad267b5cbf"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b37da3ac099e145bcd3be82c745a8d335772e3af"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c4f840437e7641764de15f2de951ac8335d641f1"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45930.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45930"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"583be982d93479ea3d85091b0fd0b01201ede87d"},{"fixed":"b37da3ac099e145bcd3be82c745a8d335772e3af"},{"fixed":"c4f840437e7641764de15f2de951ac8335d641f1"},{"fixed":"963537a26fd892f7e414a091f807b44aeee97a7d"},{"fixed":"976612471a9e6ead6ceffc241e4d0a1aac90b36a"},{"fixed":"54ed418de62a148a655262da682a050fa05f7924"},{"fixed":"6fb6a97c86abb8592158088afaea0eb464cf9de1"},{"fixed":"a6a9bc544b675d8b5180f2718ec985ad267b5cbf"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45930.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.15.0"},{"fixed":"5.15.210"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.176"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.143"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.93"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.35"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"6.19.4"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45930.json"}}],"schema_version":"1.7.5"}