CVE-2026-45865
Status: Awaiting Analysis (Queue)
Memory Corruption in Linux Kernel MCTP I2C Driver

Publication date: 2026-05-27

Last updated on: 2026-05-27

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

mctp i2c: initialise event handler read bytes

Set a 0xff value for i2c reads of an mctp-i2c device. Otherwise reads will return "val" from the i2c bus driver. For i2c-aspeed and i2c-npcm7xx that is a stack uninitialised u8.

Tested with "i2ctransfer -y 1 r10@0x34" where 0x34 is a mctp-i2c instance, now it returns all 0xff.
Meta Information
Published: 2026-05-27
Last Modified: 2026-05-27
Generated: 2026-06-16
AI Q&A: 2026-05-27
EPSS Evaluated: 2026-06-15
Affected Vendors & Products (2 associated CPEs)
Vendor        Product        Version / Range
linux         linux_kernel   *
linux_kernel  linux_kernel   *
CWE ID: CWE-UNKNOWN
AI Quick Actions (instant insights powered by AI)
Executive Summary

This vulnerability in the Linux kernel relates to the mctp i2c driver, where the event handler did not properly initialize the read bytes. Specifically, when reading from an mctp-i2c device over the i2c bus, the read operation could return uninitialized stack data instead of a defined value.

The fix involved setting the read bytes to 0xff, ensuring that reads return a consistent and safe value rather than potentially exposing uninitialized memory.

Impact Analysis

Because the read path hands back an uninitialized stack byte belonging to the I2C bus driver (i2c-aspeed or i2c-npcm7xx, per the fix description), every byte read from an mctp-i2c slave address can expose whatever the kernel stack happened to hold at that moment to the I2C master performing the read. This is an information-disclosure risk, and it also makes read results unpredictable on systems using the affected mctp-i2c driver.

Detection Guidance

This vulnerability can be detected by testing the i2c reads of an mctp-i2c device. Specifically, you can use the command "i2ctransfer -y 1 r10@0x34" where 0x34 is the address of an mctp-i2c instance.

If the device is vulnerable, the read returns stale stack values instead of the expected 0xff bytes; after the fix, the read returns all 0xff. Because the leaked byte is simply whatever the bus driver's stack variable held, a vulnerable kernel can occasionally return 0xff by coincidence, so repeat the read a few times: consistent all-0xff output across repeated reads is the post-fix behaviour, while varying or non-0xff bytes indicate the unpatched driver.

Mitigation Strategies

To mitigate this vulnerability, update the Linux kernel to a version where the mctp i2c event handler read bytes issue is resolved. This ensures that i2c reads from mctp-i2c devices return 0xff instead of uninitialized stack values.
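The following C program is an added illustration of the defect pattern described in the fix description and checked by the detection guidance above; it is not the kernel's mctp-i2c or bus-driver code. It models an I2C slave event callback in the shape Linux uses (an event enum and a `u8 *val` out-parameter) with a tiny simulated bus driver. The real bus drivers pass a `u8` that is left uninitialised on their stack; the simulation seeds that variable with a marker byte so the leak is observable deterministically rather than through undefined behaviour. The `slave_cb_uninit` and `slave_cb_fixed` handlers, `bus_read` and `read_returns_all_ff` are all constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint8_t u8;

/* Modelled on the Linux i2c slave event enum; only the read/write events
 * needed for this illustration matter. */
enum i2c_slave_event {
    I2C_SLAVE_READ_REQUESTED,
    I2C_SLAVE_WRITE_REQUESTED,
    I2C_SLAVE_READ_PROCESSED,
    I2C_SLAVE_WRITE_RECEIVED,
    I2C_SLAVE_STOP,
};

typedef int (*slave_cb_t)(enum i2c_slave_event event, u8 *val);

/* Vulnerable pattern (constructed): the slave only consumes master writes,
 * so read events fall through without ever storing to *val. */
static int slave_cb_uninit(enum i2c_slave_event event, u8 *val)
{
    (void)val;
    switch (event) {
    case I2C_SLAVE_WRITE_RECEIVED:
        /* a real driver would append the received byte to its rx buffer */
        return 0;
    case I2C_SLAVE_READ_REQUESTED:
    case I2C_SLAVE_READ_PROCESSED:
        /* BUG: *val untouched; the bus driver transmits whatever it held */
        return 0;
    default:
        return 0;
    }
}

/* Hardened pattern: every read event stores a defined value, so nothing the
 * bus driver left in its stack variable ever reaches the wire. */
static int slave_cb_fixed(enum i2c_slave_event event, u8 *val)
{
    switch (event) {
    case I2C_SLAVE_READ_REQUESTED:
    case I2C_SLAVE_READ_PROCESSED:
        *val = 0xff;    /* the device has nothing to send back */
        return 0;
    default:
        return 0;
    }
}

/* Simulated bus-driver read transaction of n bytes. stale_byte stands in for
 * the uninitialised stack content of the real bus drivers so the behaviour
 * is reproducible instead of undefined. */
static void bus_read(slave_cb_t cb, u8 stale_byte, u8 *out, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        u8 val = stale_byte;    /* "uninitialised" stack variable */
        cb(i == 0 ? I2C_SLAVE_READ_REQUESTED : I2C_SLAVE_READ_PROCESSED, &val);
        out[i] = val;
    }
    cb(I2C_SLAVE_STOP, NULL);
}

/* Does an n-byte block read come back all 0xff, as "i2ctransfer -y 1 r10@0x34"
 * shows on a fixed kernel? */
static bool read_returns_all_ff(slave_cb_t cb, u8 stale_byte, size_t n)
{
    u8 buf[32];
    if (n > sizeof(buf))
        return false;
    bus_read(cb, stale_byte, buf, n);
    for (size_t i = 0; i < n; i++)
        if (buf[i] != 0xff)
            return false;
    return true;
}

int main(void)
{
    u8 buf[10];
    bus_read(slave_cb_uninit, 0x5a, buf, sizeof(buf));
    printf("uninitialised handler, stale 0x5a: first byte 0x%02x\n", buf[0]);
    bus_read(slave_cb_fixed, 0x5a, buf, sizeof(buf));
    printf("fixed handler, stale 0x5a: first byte 0x%02x\n", buf[0]);
    return 0;
}
```

The `stale_byte == 0xff` case in the test is the coincidence the detection guidance warns about: an unpatched handler looks fixed whenever the bus driver's stack happened to hold 0xff, which is why a single all-0xff read is not proof of the patch.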
