netdevsim: zero initialize struct iphdr in dummy sk_buff
Summary
| CVE | CVE-2026-52985 |
|---|---|
| State | PUBLISHED |
| Assigner | Linux |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-06-24 17:17:09 UTC |
| Updated | 2026-06-24 17:17:09 UTC |
| Description | In the Linux kernel, the following vulnerability has been resolved: netdevsim: zero initialize struct iphdr in dummy sk_buff Syzbot reports a KMSAN uninit-value originating from nsim_dev_trap_skb_build, with the allocation also being performed in the same function. Fix this by calling skb_put_zero instead of skb_put to guarantee zero initialization of the whole IP header. |
Risk And Classification
EPSS: 0.001760000 probability, percentile 0.073580000 (date 2026-06-25)
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Linux | Linux | affected da58f90f11f597520f226caff1d3cfc115abedc9 175556c049eaec14efde8c6475e763b7579b9de7 git | Not specified |
| CNA | Linux | Linux | affected da58f90f11f597520f226caff1d3cfc115abedc9 6e2cfd0904976e701d7a76b86b694e72af230ab0 git | Not specified |
| CNA | Linux | Linux | affected da58f90f11f597520f226caff1d3cfc115abedc9 1b7b6ae0e93b8d512e208b1378d74af052e4f4e7 git | Not specified |
| CNA | Linux | Linux | affected da58f90f11f597520f226caff1d3cfc115abedc9 818f7673ed7f4a29d4b9cee8184c47d6e57162b4 git | Not specified |
| CNA | Linux | Linux | affected da58f90f11f597520f226caff1d3cfc115abedc9 978ca6ff789f1f19c03288ac20cc1f4774e88490 git | Not specified |
| CNA | Linux | Linux | affected da58f90f11f597520f226caff1d3cfc115abedc9 750d0091bebf44975421268d37484ef87060d263 git | Not specified |
| CNA | Linux | Linux | affected da58f90f11f597520f226caff1d3cfc115abedc9 bc6002865e8c4fcf9e94975f7cf023448d8764e2 git | Not specified |
| CNA | Linux | Linux | affected da58f90f11f597520f226caff1d3cfc115abedc9 35eaa6d8d6c2ee65e96f507add856e0eacf24591 git | Not specified |
| CNA | Linux | Linux | affected 5.4 | Not specified |
| CNA | Linux | Linux | unaffected 5.4 semver | Not specified |
| CNA | Linux | Linux | unaffected 5.10.258 5.10.* semver | Not specified |
| CNA | Linux | Linux | unaffected 5.15.209 5.15.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.1.175 6.1.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.6.141 6.6.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.12.91 6.12.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.18.33 6.18.* semver | Not specified |
| CNA | Linux | Linux | unaffected 7.0.10 7.0.* semver | Not specified |
| CNA | Linux | Linux | unaffected 7.1 * original_commit_for_fix | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| git.kernel.org/stable/c/750d0091bebf44975421268d37484ef87060d263 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/bc6002865e8c4fcf9e94975f7cf023448d8764e2 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/1b7b6ae0e93b8d512e208b1378d74af052e4f4e7 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/978ca6ff789f1f19c03288ac20cc1f4774e88490 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/35eaa6d8d6c2ee65e96f507add856e0eacf24591 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/6e2cfd0904976e701d7a76b86b694e72af230ab0 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/818f7673ed7f4a29d4b9cee8184c47d6e57162b4 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/175556c049eaec14efde8c6475e763b7579b9de7 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.