CVE-2026-45865

May 27, 2026, 2:48 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: mctp i2c: initialise event handler read bytes Set a 0xff value for i2c reads of an mctp-i2c device. Otherwise reads will return "val" from the i2c bus driver. For i2c-aspeed and i2c-npcm7xx that is a stack uninitialised u8. Tested with "i2ctransfer -y 1 r10@0x34" where 0x34 is a mctp-i2c instance, now it returns all 0xff.

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *
Mctp
  • Mctp-i2c
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /
a mctp mctp-i2c / / / / / / / /

References

https://git.kernel.org/stable/c/11f83253244060b5de5eac787f61ae3f3e559d01
https://git.kernel.org/stable/c/1eeedb310229bfee9dd4d992e5bba33fe1378a8f
https://git.kernel.org/stable/c/2a14e91b6d76639dac70ea170f4384c1ee3cb48d
https://git.kernel.org/stable/c/6ff2ebfef75fbc57d937d8fbe738b967edf2d331
https://git.kernel.org/stable/c/93e01e837e105299f1c259ef71f6e1ec4fe806e3
https://git.kernel.org/stable/c/fa9861e5c8af7651dddfa8d490aaada17ae33b6c

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2026-05-27
CVE-2026-45865

Timeline

Published: May 27, 2026, 2:16 p.m.
Last Modified: May 27, 2026, 2:48 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.