Improper input validation in Linux kernel - CVE-2026-46128
Published: May 29, 2026
Vulnerability identifier: #VU133063
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-46128
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper input validation in the ipmi event message buffer response handling when processing event message buffer responses from a BMC. A local user can trigger processing of a malformed or empty response to cause a denial of service.
Some BMCs may return an empty message instead of an error when events are fetched.
How to mitigate CVE-2026-46128
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/2418e4b21fb1355504d095da5d5f0a210564a43d
- https://git.kernel.org/stable/c/24269264c3d59a49eb09b10af2c75b14f2931482
- https://git.kernel.org/stable/c/36920f30e78e69df01f9691c470b6f3ba8aebf98
- https://git.kernel.org/stable/c/42432b579a594b66ac32e5e7b7c26e6bc578ec89
- https://git.kernel.org/stable/c/7f7ada72c07a83b46045ddfeee526bd9e2e3c8f0