CVE-2026-45930

Description

In the Linux kernel, the following vulnerability has been resolved: net: mctp: ensure our nlmsg responses are initialised Syed Faraz Abrar (@farazsth98) from Zellic, and Pumpkin (@u1f383) from DEVCORE Research Team working with Trend Micro Zero Day Initiative report that a RTM_GETNEIGH will return uninitalised data in the pad bytes of the ndmsg data. Ensure we're initialising the netlink data to zero, in the link, addr and neigh response messages.

References

• https://git.kernel.org/stable/c/6fb6a97c86abb8592158088afaea0eb464cf9de1
• https://git.kernel.org/stable/c/a6a9bc544b675d8b5180f2718ec985ad267b5cbf