CVE Catalog

CVE-2026-46182

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.01%

2th percentile - higher than 2% of all known CVEs

Summary

A vulnerability in the Linux kernel was identified that allowed uninitialized stack memory bytes to leak to userspace. The issue was related to the papr_hvpipe_hdr structure, where not all fields were initialized, potentially leading to data exposure.

Risk Assessment

The leak of uninitialized data from kernel memory can lead to the exposure of sensitive information, posing a serious security threat to the system.

Recommendation

It is recommended to update the Linux kernel to a version that includes the patch initializing the entire structure to zero to prevent memory leaks.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: pseries/papr-hvpipe: Prevent kernel stack memory leak to userspace The hdr variable is allocated on the stack and only hdr.version and hdr.flags are initialized explicitly. Because the struct papr_hvpipe_hdr contains reserved padding bytes (reserved[3] and reserved2[40]), these could leak the uninitialized bytes to userspace after copy_to_user(). This patch fixes that by initializing the whole struct to 0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS