CVE-2026-52985
Analyzed Analyzed - Analysis Complete

netdevsim IP Header Zero Initialization Flaw

Vulnerability report for CVE-2026-52985, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-24

Last updated on: 2026-07-14

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: netdevsim: zero initialize struct iphdr in dummy sk_buff Syzbot reports a KMSAN uninit-value originating from nsim_dev_trap_skb_build, with the allocation also being performed in the same function. Fix this by calling skb_put_zero instead of skb_put to guarantee zero initialization of the whole IP header.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-24
Last Modified
2026-07-14
Generated
2026-07-15
AI Q&A
2026-06-24
EPSS Evaluated
2026-07-13
NVD
EUVD

Affected Vendors & Products

Showing 8 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.1
linux linux_kernel From 6.2 (inc) to 6.6.141 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.91 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.33 (exc)
linux linux_kernel From 6.19 (inc) to 7.0.10 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.175 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.209 (exc)
linux linux_kernel From 5.4 (inc) to 5.10.258 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-908 The product uses or accesses a resource that has not been initialized.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is in the Linux kernel's netdevsim component. It involves the struct iphdr within a dummy sk_buff (socket buffer) not being properly zero-initialized. Specifically, a tool called Syzbot reported an uninitialized memory value originating from the function nsim_dev_trap_skb_build, where the allocation and initialization occur. The issue was fixed by replacing the skb_put function with skb_put_zero to ensure the entire IP header is zero-initialized.

Impact Analysis

This vulnerability involves an uninitialized value in the Linux kernel's netdevsim module, specifically in the IP header structure within a dummy socket buffer. The issue could potentially lead to unpredictable behavior or security risks due to the use of uninitialized memory.

The fix ensures that the IP header is zero-initialized, preventing the use of uninitialized data which could otherwise cause kernel instability or information leakage.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-52985. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart