CVE-2026-46128
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk8th percentile - higher than 8% of all known CVEs
Summary
A vulnerability has been identified in the Linux kernel related to the incorrect checking of the data size of the event message buffer response in the IPMI interface. The issue is that the size check occurs later, which may lead to improper processing of empty messages returned by some BMCs.
Risk Assessment
Organizations may be exposed to security issues if new BMCs return empty messages, potentially leading to malfunctioning monitoring and management systems. This could result in data loss or unauthorized access to systems.
Recommendation
It is recommended to update the Linux kernel to the latest version to patch this vulnerability and to monitor communication with BMCs for any irregularities.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: ipmi: Check event message buffer response for bad data The event message buffer response data size got checked later when processing, but check it right after the response comes back. It appears some BMCs may return an empty message instead of an error when fetching events. There are apparently some new BMCs that make this error, so we need to compensate.

