CVE-2026-46128

EUVD-2026-32887
In the Linux kernel, the following vulnerability has been resolved:

ipmi: Check event message buffer response for bad data

The event message buffer response data size got checked later when
processing, but check it right after the response comes back.  It
appears some BMCs may return an empty message instead of an error
when fetching events.

There are apparently some new BMCs that make this error, so we need to
compensate.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
vulnerable
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
vulnerable
forky
7.0.9-1
fixed
sid
7.0.10-1
fixed
trixie
vulnerable
trixie (security)
6.12.90-2
fixed
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/2418e4b21fb1355504d095da5d5f0a210564a43d
https://git.kernel.org/stable/c/24269264c3d59a49eb09b10af2c75b14f2931482
https://git.kernel.org/stable/c/36920f30e78e69df01f9691c470b6f3ba8aebf98
https://git.kernel.org/stable/c/42432b579a594b66ac32e5e7b7c26e6bc578ec89
https://git.kernel.org/stable/c/7f7ada72c07a83b46045ddfeee526bd9e2e3c8f0