CVE-2026-45930 Linux CVE debrief

Who should care

Linux system administrators, kernel maintainers, and security teams monitoring for information disclosure vulnerabilities in networking subsystems. Organizations running workloads with unprivileged user access to netlink sockets should prioritize patching.

Technical summary

The Linux kernel's MCTP (Management Component Transport Protocol) subsystem failed to initialize padding bytes in netlink response messages for RTM_GETNEIGH operations. The ndmsg structure contains pad bytes that were not zeroed before copying to user space, potentially exposing uninitialized kernel stack or heap memory. The vulnerability affects the net/mctp implementation where nlmsg responses for link, address, and neighbor messages lacked proper initialization. The resolution adds zero-initialization of netlink message data before population and transmission to user space.

Defensive priority

medium

Recommended defensive actions

• Apply kernel patches from stable kernel releases containing commits 6fb6a97c86abb8592158088afaea0eb464cf9de1 and a6a9bc544b675d8b5180f2718ec985ad267b5cbf
• Monitor for kernel updates addressing CVE-2026-45930 in distribution security advisories
• Restrict unprivileged access to netlink sockets where possible through security policies
• Review systems for unexpected netlink activity that may indicate information gathering attempts

Evidence notes

The vulnerability description indicates that RTM_GETNEIGH netlink messages return uninitialized padding bytes in ndmsg data structures. The fix commit initializes netlink response data to zero for link, addr, and neigh messages. Two kernel.org stable commits are referenced as resolution sources.

Official resources