In the Linux kernel, the following vulnerability has been resolved: net: mctp: ensure our nlmsg responses are initialised Syed Faraz Abrar (@farazsth98) from Zellic, and Pumpkin (@u1f383) from DEVCORE Research Team working with Trend Micro Zero Day Initiative report that a RTM_GETNEIGH will return uninitalised data in the pad bytes of the ndmsg data. Ensure we're initialising the netlink data to zero, in the link, addr and neigh response messages.

A flaw was found in the Linux kernel's Multi-Channel Transport Protocol (MCTP) networking implementation. When processing a RTM_GETNEIGH request, the system may return uninitialized data in the ndmsg pad bytes. This can allow a local attacker to obtain sensitive information from kernel memory, leading to information disclosure.

Red Hat Enterprise Linux 10 Not affected kernel Red Hat Enterprise Linux 6 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel-rt Red Hat Enterprise Linux 8 Not affected kernel Red Hat Enterprise Linux 8 Not affected kernel-rt Red Hat Enterprise Linux 9 Not affected kernel Red Hat Enterprise Linux 9 Not affected kernel-rt https://www.cve.org/CVERecord?id=CVE-2026-45930 https://nvd.nist.gov/vuln/detail/CVE-2026-45930 https://lore.kernel.org/linux-cve-announce/2026052726-CVE-2026-45930-1ec6@gregkh/T