Use of Uninitialized Variable in Linux kernel - CVE-2026-46182
Published: May 29, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists due to uninitialized stack memory in papr_hvpipe when copying a header structure to userspace. A local user can trigger the affected operation to disclose sensitive information.
The issue is caused by uninitialized padding bytes in the structure being exposed through copy_to_user().