CVE Catalog

CVE-2026-46128

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

8th percentile - higher than 8% of all known CVEs

Summary

A vulnerability has been identified in the Linux kernel related to the incorrect checking of the data size of the event message buffer response in the IPMI interface. The issue is that the size check occurs later, which may lead to improper processing of empty messages returned by some BMCs.

Risk Assessment

Organizations may be exposed to security issues if new BMCs return empty messages, potentially leading to malfunctioning monitoring and management systems. This could result in data loss or unauthorized access to systems.

Recommendation

It is recommended to update the Linux kernel to the latest version to patch this vulnerability and to monitor communication with BMCs for any irregularities.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: ipmi: Check event message buffer response for bad data The event message buffer response data size got checked later when processing, but check it right after the response comes back. It appears some BMCs may return an empty message instead of an error when fetching events. There are apparently some new BMCs that make this error, so we need to compensate.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS