CVE-2026-45865
Analyzed Analyzed - Analysis Complete

Memory Corruption in Linux Kernel MCTP I2C Driver

Vulnerability report for CVE-2026-45865, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-27

Last updated on: 2026-06-25

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: mctp i2c: initialise event handler read bytes Set a 0xff value for i2c reads of an mctp-i2c device. Otherwise reads will return "val" from the i2c bus driver. For i2c-aspeed and i2c-npcm7xx that is a stack uninitialised u8. Tested with "i2ctransfer -y 1 r10@0x34" where 0x34 is a mctp-i2c instance, now it returns all 0xff.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-27
Last Modified
2026-06-25
Generated
2026-07-07
AI Q&A
2026-05-27
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 5 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.13 (inc) to 6.18.14 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.4 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.128 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.75 (exc)
linux linux_kernel From 5.18 (inc) to 6.1.165 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel relates to the mctp i2c driver, where the event handler did not properly initialize the read bytes. Specifically, when reading from an mctp-i2c device over the i2c bus, the read operation could return uninitialized stack data instead of a defined value.

The fix involved setting the read bytes to 0xff, ensuring that reads return a consistent and safe value rather than potentially exposing uninitialized memory.

Impact Analysis

Because the vulnerability causes the i2c read operation to return uninitialized stack data, it could potentially leak sensitive or random data from kernel memory. This might lead to information disclosure or unpredictable behavior in systems using the affected mctp-i2c driver.

Detection Guidance

This vulnerability can be detected by testing the i2c reads of an mctp-i2c device. Specifically, you can use the command "i2ctransfer -y 1 r10@0x34" where 0x34 is the address of an mctp-i2c instance.

If the device is vulnerable, the read will return uninitialized stack values instead of the expected 0xff bytes. After the fix, the read returns all 0xff.

Mitigation Strategies

To mitigate this vulnerability, update the Linux kernel to a version where the mctp i2c event handler read bytes issue is resolved. This ensures that i2c reads from mctp-i2c devices return 0xff instead of uninitialized stack values.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45865. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart