CVE-2026-52985
Received - Intake
BaseFortify

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

netdevsim: zero initialize struct iphdr in dummy sk_buff

Syzbot reports a KMSAN uninit-value originating from nsim_dev_trap_skb_build, with the allocation also being performed in the same function. Fix this by calling skb_put_zero instead of skb_put to guarantee zero initialization of the whole IP header.

Meta Information
Published: 2026-06-24
Last Modified: 2026-06-24
Generated: 2026-06-25
AI Q&A: 2026-06-24
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
linux | linux_kernel | *
CWE ID Description
CWE-UNKNOWN
Impact Analysis

This vulnerability involves an uninitialized value in the Linux kernel's netdevsim module, specifically in the IP header structure (struct iphdr) within a dummy socket buffer (sk_buff). Using uninitialized memory there could lead to unpredictable behavior or security risks.

The fix ensures that the IP header is zero-initialized, preventing the use of uninitialized data which could otherwise cause kernel instability or information leakage.

Executive Summary

This vulnerability is in the Linux kernel's netdevsim component. The struct iphdr within a dummy sk_buff (socket buffer) was not fully zero-initialized. Syzbot reported a KMSAN uninit-value originating from the function nsim_dev_trap_skb_build, which also performs the allocation. The issue was fixed by replacing the skb_put call with skb_put_zero so that the entire IP header is zero-initialized.
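
A user-space C model of the skb_put versus skb_put_zero difference described above, added here as an illustration and not taken from the kernel source or the fix commit. The names toy_skb, toy_put, toy_put_zero and header_byte_sum are hypothetical stand-ins, and the choice of fields the builder skips (tos and id) is an assumption made for the demo.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Simplified 20-byte IPv4 header, modelled on struct iphdr. */
struct ip4_hdr {
    uint8_t  ver_ihl, tos;
    uint16_t tot_len, id, frag_off;
    uint8_t  ttl, protocol;
    uint16_t check;
    uint32_t saddr, daddr;
};

/* Toy socket buffer (hypothetical; not the kernel's struct sk_buff). */
struct toy_skb { unsigned char *data; size_t len; };

/* Like skb_put(): reserve len bytes at the tail, contents untouched. */
static void *toy_put(struct toy_skb *skb, size_t len)
{
    void *p = skb->data + skb->len;
    skb->len += len;
    return p;
}

/* Like skb_put_zero(): reserve len bytes, then clear them. */
static void *toy_put_zero(struct toy_skb *skb, size_t len)
{
    return memset(toy_put(skb, len), 0, len);
}

/* Build a header in a buffer pre-filled with `stale` (standing in for
 * whatever the allocator left behind), then consume every header byte.
 * The builder skips tos and id on purpose (constructed for this demo). */
static unsigned header_byte_sum(int use_zero, unsigned char stale)
{
    struct toy_skb skb = { malloc(64), 0 };
    unsigned sum = 0;
    if (!skb.data)
        return 0;
    memset(skb.data, stale, 64);
    struct ip4_hdr *h = use_zero ? toy_put_zero(&skb, sizeof(*h))
                                 : toy_put(&skb, sizeof(*h));
    h->ver_ihl = 0x45;  h->tot_len = 28;  h->frag_off = 0;
    h->ttl = 100;       h->protocol = 17; h->check = 0;
    h->saddr = 0xC0000201u;  h->daddr = 0xC6336401u;
    for (size_t i = 0; i < sizeof(*h); i++)
        sum += skb.data[i];
    free(skb.data);
    return sum;
}
```

With toy_put the result changes with the stale fill byte, which is the dependence on prior memory contents that KMSAN flags; with toy_put_zero it is the same for every fill value.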
