CVE-2026-46128
Awaiting Analysis Awaiting Analysis - Queue
IPMI Event Message Buffer Response Validation Flaw

Publication date: 2026-05-28

Last updated on: 2026-05-28

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ipmi: Check event message buffer response for bad data The event message buffer response data size got checked later when processing, but check it right after the response comes back. It appears some BMCs may return an empty message instead of an error when fetching events. There are apparently some new BMCs that make this error, so we need to compensate.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-28
Last Modified
2026-05-28
Generated
2026-05-28
AI Q&A
2026-05-28
EPSS Evaluated
N/A
NVD
CVE-2026-46128
EUVD
EUVD-2026-32887
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's IPMI (Intelligent Platform Management Interface) implementation. It involves improper checking of the event message buffer response data size. Specifically, the size of the response data was only checked later during processing, rather than immediately after receiving the response. Some Baseboard Management Controllers (BMCs) may return an empty message instead of an error when fetching events, which could lead to issues if not properly handled.


How can this vulnerability impact me? :

If the Linux kernel does not properly check the event message buffer response immediately, it may process bad or empty data from certain BMCs. This could potentially lead to incorrect event handling or system instability related to IPMI event processing.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart