CVE-2026-46177
Received Received - Intake
Linux Kernel IPMI Message Request Handling Denial of Service

Publication date: 2026-05-28

Last updated on: 2026-05-28

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ipmi: Add limits to event and receive message requests The driver would just fetch events and receive messages until the BMC said it was done. To avoid issues with BMCs that never say they are done, add a limit of 10 fetches at a time. In addition, an si interface has an attn state it can return from the hardware which is supposed to cause a flag fetch to see if the driver needs to fetch events or message or a few other things. If the attn bit gets stuck, it's a similar problem. So allow messages in between flag fetches so the driver itself doesn't get stuck. This is a more general fix than the previous fix for the specific bad BMC, but should fix the more general issue of a BMC that won't stop saying it has data. This has been there from the beginning of the driver. It's not a bug per-se, but it is accounting for bugs in BMCs.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-28
Last Modified
2026-05-28
Generated
2026-05-28
AI Q&A
2026-05-28
EPSS Evaluated
N/A
NVD
CVE-2026-46177
EUVD
EUVD-2026-32804
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel *
linux_kernel linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves the Linux kernel's IPMI driver, which handles communication with the Baseboard Management Controller (BMC). The driver would continuously fetch events and receive messages until the BMC indicated it was done. However, some BMCs never signal completion, causing the driver to potentially get stuck in an endless loop.

To address this, a limit of 10 fetches at a time was added to prevent the driver from hanging. Additionally, the driver was modified to handle cases where a hardware attention (attn) bit gets stuck, allowing messages to be processed between flag fetches so the driver does not get stuck waiting.

This fix is more general than previous ones and accounts for bugs in BMCs that cause them to continuously indicate they have data, preventing the driver from hanging indefinitely.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability is resolved by adding limits to event and receive message requests in the Linux kernel's IPMI driver. To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.

This fix prevents the driver from getting stuck by limiting the number of fetches to 10 at a time and allowing messages in between flag fetches.


How can this vulnerability impact me? :

If unaddressed, this vulnerability could cause the Linux kernel's IPMI driver to become stuck in a loop fetching events and messages from a BMC that never signals it is done. This could lead to resource exhaustion or system instability due to the driver being unable to proceed.

By limiting the number of fetches and handling stuck attention bits, the fix prevents the driver from hanging, improving system reliability and stability when interacting with faulty BMCs.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart