CVE-2026-45930
Description
AI Translation Available
In the Linux kernel, the following vulnerability has been resolved:
net: mctp: ensure our nlmsg responses are initialised
Syed Faraz Abrar (@farazsth98) from Zellic, and Pumpkin (@u1f383) from
DEVCORE Research Team working with Trend Micro Zero Day Initiative
report that a RTM_GETNEIGH will return uninitalised data in the pad
bytes of the ndmsg data.
Ensure we're initialising the netlink data to zero, in the link, addr
and neigh response messages.
https://git.kernel.org/stable/c/6fb6a97c86abb8592158088afaea0eb464cf9de1
https://git.kernel.org/stable/c/a6a9bc544b675d8b5180f2718ec985ad267b5cbf