CVE-2026-46182 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: pseries/papr-hvpipe: Prevent kernel stack memory leak to userspace The hdr variable is allocated on the stack and only hdr.version and hdr.flags are initialized explicitly. Because the struct papr_hvpipe_hdr contains reserved padding bytes (reserved[3] and reserved2[40]), these could leak the uninitialized bytes to userspace after copy_to_user(). This patch fixes that by initializing the whole struct to 0.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/0479b6e9f999cc1cbad7d9f09f574fc387e605d5
https://git.kernel.org/stable/c/cefeed44296261173a806bef988b26bc565da4be
https://git.kernel.org/stable/c/f88f8e4485b437e0a2f96a7ff1f88aa22d925659

History

Thu, 28 May 2026 10:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: pseries/papr-hvpipe: Prevent kernel stack memory leak to userspace The hdr variable is allocated on the stack and only hdr.version and hdr.flags are initialized explicitly. Because the struct papr_hvpipe_hdr contains reserved padding bytes (reserved[3] and reserved2[40]), these could leak the uninitialized bytes to userspace after copy_to_user(). This patch fixes that by initializing the whole struct to 0.
Title		pseries/papr-hvpipe: Prevent kernel stack memory leak to userspace
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0479b6e9f999cc1cbad7d9f09f574fc387e605d5 https://git.kernel.org/stable/c/cefeed44296261173a806bef988b26bc565da4be https://git.kernel.org/stable/c/f88f8e4485b437e0a2f96a7ff1f88aa22d925659

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-28T09:36:35.528Z

Updated: 2026-05-28T09:36:35.528Z

Reserved: 2026-05-13T15:03:33.103Z

Link: CVE-2026-46182

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-28T10:16:33.837

Modified: 2026-05-28T10:16:33.837

Link: CVE-2026-46182

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-46182", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-13T15:03:33.103Z", "datePublished": "2026-05-28T09:36:35.528Z", "dateUpdated": "2026-05-28T09:36:35.528Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-28T09:36:35.528Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npseries/papr-hvpipe: Prevent kernel stack memory leak to userspace\n\nThe hdr variable is allocated on the stack and only hdr.version and\nhdr.flags are initialized explicitly. Because the struct papr_hvpipe_hdr\ncontains reserved padding bytes (reserved[3] and reserved2[40]), these\ncould leak the uninitialized bytes to userspace after copy_to_user().\n\nThis patch fixes that by initializing the whole struct to 0."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/powerpc/platforms/pseries/papr-hvpipe.c"], "versions": [{"version": "cebdb522fd3edd1fe05f7b4a74a27da7dd0f8d86", "lessThan": "0479b6e9f999cc1cbad7d9f09f574fc387e605d5", "status": "affected", "versionType": "git"}, {"version": "cebdb522fd3edd1fe05f7b4a74a27da7dd0f8d86", "lessThan": "f88f8e4485b437e0a2f96a7ff1f88aa22d925659", "status": "affected", "versionType": "git"}, {"version": "cebdb522fd3edd1fe05f7b4a74a27da7dd0f8d86", "lessThan": "cefeed44296261173a806bef988b26bc565da4be", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/powerpc/platforms/pseries/papr-hvpipe.c"], "versions": [{"version": "6.18", "status": "affected"}, {"version": "0", "lessThan": "6.18", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.30", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.7", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1-rc3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "6.18.30"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "7.0.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "7.1-rc3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/0479b6e9f999cc1cbad7d9f09f574fc387e605d5"}, {"url": "https://git.kernel.org/stable/c/f88f8e4485b437e0a2f96a7ff1f88aa22d925659"}, {"url": "https://git.kernel.org/stable/c/cefeed44296261173a806bef988b26bc565da4be"}], "title": "pseries/papr-hvpipe: Prevent kernel stack memory leak to userspace", "x_generator": {"engine": "bippy-1.2.0"}}}}