VYPR
Unrated severity · NVD Advisory · Published May 27, 2026 · Updated May 27, 2026

CVE-2026-45865


Description

In the Linux kernel, the following vulnerability has been resolved:

mctp i2c: initialise event handler read bytes

Set a 0xff value for i2c reads of an mctp-i2c device. Otherwise reads will return "val" from the i2c bus driver. For i2c-aspeed and i2c-npcm7xx that is a stack uninitialised u8.

Tested with "i2ctransfer -y 1 r10@0x34" where 0x34 is a mctp-i2c instance, now it returns all 0xff.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Uninitialised stack value disclosure in Linux kernel's MCTP I2C driver when reading from an MCTP-I2C device.

Vulnerability

In the Linux kernel, the MCTP I2C driver (mctp i2c) fails to initialise the read byte buffer for event handler reads. When an I2C read is performed on an MCTP-I2C device (e.g., via i2ctransfer -y 1 r10@0x34 where 0x34 is an MCTP-I2C instance), the returned value is taken from the I2C bus driver without being set. For certain I2C bus drivers such as i2c-aspeed and i2c-npcm7xx, this results in returning an uninitialised stack u8 value. The fix sets a 0xff value for such reads [1].

Exploitation

An attacker with local access or the ability to trigger I2C reads on an MCTP-I2C device (e.g., through i2ctransfer) could obtain uninitialised kernel stack data. No authentication or special privileges beyond local user access to the I2C bus are required. The attacker must have the necessary permissions to perform I2C transfers (e.g., being in the i2c group or having root privileges).

Impact

Successful exploitation could leak sensitive kernel stack memory contents to an unprivileged user. The leaked data may contain kernel pointers, credentials, or other sensitive information, leading to information disclosure and potential privilege escalation. The vulnerability has a CVSS base score of 4.4 (Medium) [1].

Mitigation

The fix is contained in commit 2a14e91b6d76639dac70ea170f4384c1ee3cb48d, which was applied to the Linux kernel stable tree. Users should update to a kernel version containing this fix. No workaround is known; the issue is resolved by applying the patch [1].

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

12
2a14e91b6d76

mctp i2c: initialise event handler read bytes

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git · Matt Johnston · Jan 13, 2026 · Fixed in 7.0 · via kernel-cna
2 files changed · +6 2
  • drivers/net/mctp/mctp-i2c.c+3 1 modified
    diff --git a/drivers/net/mctp/mctp-i2c.c b/drivers/net/mctp/mctp-i2c.c
    index ecda1cc36391ce..8043b57bdf2509 100644
    --- a/drivers/net/mctp/mctp-i2c.c
    +++ b/drivers/net/mctp/mctp-i2c.c
    @@ -243,7 +243,10 @@ static int mctp_i2c_slave_cb(struct i2c_client *client,
     
     	switch (event) {
     	case I2C_SLAVE_READ_REQUESTED:
    +	case I2C_SLAVE_READ_PROCESSED:
    +		/* MCTP I2C transport only uses writes */
     		midev->rx_pos = 0;
    +		*val = 0xff;
     		break;
     	case I2C_SLAVE_WRITE_RECEIVED:
     		if (midev->rx_pos < MCTP_I2C_BUFSZ) {
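
Review bot: the added `case I2C_SLAVE_READ_PROCESSED:` label shares the body of `I2C_SLAVE_READ_REQUESTED`, so `midev->rx_pos = 0;` now runs for every byte of a multi-byte read, not only the first. If that reset is intended, the comment should say so, because the subject line only mentions initialising the read byte. The comment also does not explain why 0xff was chosen; a few words (for example, that it is what an idle bus reads as) would help the next person touching this. Separately, the commit message says i2c-aspeed and i2c-npcm7xx hand the callback an uninitialised stack u8, so initialising that variable in the bus drivers as well would cover other slave backends that leave `*val` untouched on read events.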
    
fa9861e5c8af

mctp i2c: initialise event handler read bytes

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git · Matt Johnston · Jan 13, 2026 · Fixed in 6.12.75 · via kernel-cna
2 files changed · +6 2
  • drivers/net/mctp/mctp-i2c.c+3 1 modified
    diff --git a/drivers/net/mctp/mctp-i2c.c b/drivers/net/mctp/mctp-i2c.c
    index 8a30d0559d60dd..617333343ca00d 100644
    --- a/drivers/net/mctp/mctp-i2c.c
    +++ b/drivers/net/mctp/mctp-i2c.c
    @@ -244,7 +244,10 @@ static int mctp_i2c_slave_cb(struct i2c_client *client,
     
     	switch (event) {
     	case I2C_SLAVE_READ_REQUESTED:
    +	case I2C_SLAVE_READ_PROCESSED:
    +		/* MCTP I2C transport only uses writes */
     		midev->rx_pos = 0;
    +		*val = 0xff;
     		break;
     	case I2C_SLAVE_WRITE_RECEIVED:
     		if (midev->rx_pos < MCTP_I2C_BUFSZ) {
    
11f832532440

mctp i2c: initialise event handler read bytes

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git · Matt Johnston · Jan 13, 2026 · Fixed in 6.6.128 · via kernel-cna
2 files changed · +6 2
  • drivers/net/mctp/mctp-i2c.c+3 1 modified
    diff --git a/drivers/net/mctp/mctp-i2c.c b/drivers/net/mctp/mctp-i2c.c
    index 079fb7ca97b624..c8c2c5dc46eb79 100644
    --- a/drivers/net/mctp/mctp-i2c.c
    +++ b/drivers/net/mctp/mctp-i2c.c
    @@ -244,7 +244,10 @@ static int mctp_i2c_slave_cb(struct i2c_client *client,
     
     	switch (event) {
     	case I2C_SLAVE_READ_REQUESTED:
    +	case I2C_SLAVE_READ_PROCESSED:
    +		/* MCTP I2C transport only uses writes */
     		midev->rx_pos = 0;
    +		*val = 0xff;
     		break;
     	case I2C_SLAVE_WRITE_RECEIVED:
     		if (midev->rx_pos < MCTP_I2C_BUFSZ) {
    
6ff2ebfef75f

mctp i2c: initialise event handler read bytes

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git · Matt Johnston · Jan 13, 2026 · Fixed in 6.18.14 · via kernel-cna
2 files changed · +6 2
  • drivers/net/mctp/mctp-i2c.c+3 1 modified
    diff --git a/drivers/net/mctp/mctp-i2c.c b/drivers/net/mctp/mctp-i2c.c
    index ecda1cc36391ce..8043b57bdf2509 100644
    --- a/drivers/net/mctp/mctp-i2c.c
    +++ b/drivers/net/mctp/mctp-i2c.c
    @@ -243,7 +243,10 @@ static int mctp_i2c_slave_cb(struct i2c_client *client,
     
     	switch (event) {
     	case I2C_SLAVE_READ_REQUESTED:
    +	case I2C_SLAVE_READ_PROCESSED:
    +		/* MCTP I2C transport only uses writes */
     		midev->rx_pos = 0;
    +		*val = 0xff;
     		break;
     	case I2C_SLAVE_WRITE_RECEIVED:
     		if (midev->rx_pos < MCTP_I2C_BUFSZ) {
    
93e01e837e10

mctp i2c: initialise event handler read bytes

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git · Matt Johnston · Jan 13, 2026 · Fixed in 6.1.165 · via kernel-cna
2 files changed · +6 2
  • drivers/net/mctp/mctp-i2c.c+3 1 modified
    diff --git a/drivers/net/mctp/mctp-i2c.c b/drivers/net/mctp/mctp-i2c.c
    index 1d0c516842793e..f77389c7006f84 100644
    --- a/drivers/net/mctp/mctp-i2c.c
    +++ b/drivers/net/mctp/mctp-i2c.c
    @@ -244,7 +244,10 @@ static int mctp_i2c_slave_cb(struct i2c_client *client,
     
     	switch (event) {
     	case I2C_SLAVE_READ_REQUESTED:
    +	case I2C_SLAVE_READ_PROCESSED:
    +		/* MCTP I2C transport only uses writes */
     		midev->rx_pos = 0;
    +		*val = 0xff;
     		break;
     	case I2C_SLAVE_WRITE_RECEIVED:
     		if (midev->rx_pos < MCTP_I2C_BUFSZ) {
    
1eeedb310229

mctp i2c: initialise event handler read bytes

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git · Matt Johnston · Jan 13, 2026 · Fixed in 6.19.4 · via kernel-cna
2 files changed · +6 2
  • drivers/net/mctp/mctp-i2c.c+3 1 modified
    diff --git a/drivers/net/mctp/mctp-i2c.c b/drivers/net/mctp/mctp-i2c.c
    index ecda1cc36391ce..8043b57bdf2509 100644
    --- a/drivers/net/mctp/mctp-i2c.c
    +++ b/drivers/net/mctp/mctp-i2c.c
    @@ -243,7 +243,10 @@ static int mctp_i2c_slave_cb(struct i2c_client *client,
     
     	switch (event) {
     	case I2C_SLAVE_READ_REQUESTED:
    +	case I2C_SLAVE_READ_PROCESSED:
    +		/* MCTP I2C transport only uses writes */
     		midev->rx_pos = 0;
    +		*val = 0xff;
     		break;
     	case I2C_SLAVE_WRITE_RECEIVED:
     		if (midev->rx_pos < MCTP_I2C_BUFSZ) {

Vulnerability mechanics

Root cause

"Missing initialisation of the `*val` output parameter in the I2C slave read event handler, causing uninitialised stack data to be returned to the reader."

Attack vector

An attacker who can perform I2C read transactions (e.g. via `i2ctransfer -y 1 r10@0x34`) against an MCTP I2C slave device will receive uninitialised stack data from the I2C bus driver (specifically `i2c-aspeed` and `i2c-npcm7xx`) instead of a deterministic value [patch_id=2661945]. Because the MCTP I2C transport only uses writes, the read callback never set `*val`, causing the bus driver's own stack variable to be returned to the attacker. No authentication or special privileges are required beyond I2C bus access.

Affected code

The vulnerability resides in the `mctp_i2c_slave_cb()` function in `drivers/net/mctp/mctp-i2c.c` [patch_id=2661945]. The `I2C_SLAVE_READ_REQUESTED` and `I2C_SLAVE_READ_PROCESSED` event handlers did not initialise the `*val` output parameter before returning.

What the fix does

The patch adds `case I2C_SLAVE_READ_PROCESSED:` alongside the existing `I2C_SLAVE_READ_REQUESTED` case and inserts `*val = 0xff;` to initialise the read byte [patch_id=2661945]. This ensures that any I2C read from an MCTP I2C device returns a fixed 0xff value instead of leaking uninitialised kernel stack memory from the bus driver. The comment "MCTP I2C transport only uses writes" explains why reads are not expected to carry real data.
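
The callback contract behind this fix, as a user-space C model added here (it is not kernel code and not part of the patch): a bus driver passes a pointer to its own byte, and whatever the slave callback leaves there is what goes out on the wire. `bus_read`, `unwritten_bytes`, the `stale` fill and the buffer size are assumptions of the model; the check runs the same read with two different fills and counts the bytes that follow the fill.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Event names mirror the kernel's I2C slave events; this enum is local to the model. */
enum slave_event { READ_REQUESTED, READ_PROCESSED, WRITE_REQUESTED, WRITE_RECEIVED, STOP };

#define BUFSZ 8   /* stand-in for MCTP_I2C_BUFSZ; value chosen for the model */
#define NREAD 10  /* same length as the advisory's r10 test read */
struct dev { size_t rx_pos; uint8_t rx[BUFSZ]; };
typedef int (*slave_cb)(struct dev *d, enum slave_event ev, uint8_t *val);

/* Pre-fix shape: neither read event stores to *val. */
int cb_before(struct dev *d, enum slave_event ev, uint8_t *val)
{
	if (ev == READ_REQUESTED)
		d->rx_pos = 0;
	else if (ev == WRITE_RECEIVED && d->rx_pos < BUFSZ)
		d->rx[d->rx_pos++] = *val;
	return 0;
}

/* Post-fix shape: both read events define the byte handed back to the bus. */
int cb_after(struct dev *d, enum slave_event ev, uint8_t *val)
{
	if (ev == READ_REQUESTED || ev == READ_PROCESSED) {
		d->rx_pos = 0;
		*val = 0xff;
		return 0;
	}
	return cb_before(d, ev, val);
}

/* Modelled bus driver servicing an n-byte read. `stale` stands in for the
 * leftover contents of the driver's stack slot (an assumption of this model). */
void bus_read(slave_cb cb, struct dev *d, uint8_t stale, uint8_t *out, size_t n)
{
	for (size_t i = 0; i < n; i++) {
		uint8_t val = stale;
		cb(d, i ? READ_PROCESSED : READ_REQUESTED, &val);
		out[i] = val; /* the byte that would go out on the wire */
	}
}

/* Differential check: a byte that follows the stale fill was never written. */
size_t unwritten_bytes(slave_cb cb)
{
	struct dev d = { 0 };
	uint8_t a[NREAD], b[NREAD];
	size_t leaks = 0;

	bus_read(cb, &d, 0xA5, a, NREAD);
	bus_read(cb, &d, 0x5A, b, NREAD);
	for (size_t i = 0; i < NREAD; i++)
		leaks += (a[i] != b[i]);
	return leaks;
}

int main(void)
{
	printf("unwritten: before=%zu after=%zu\n", unwritten_bytes(cb_before), unwritten_bytes(cb_after));
	return 0;
}
```

The same two-fill comparison works as a unit test for any slave backend callback: a non-zero count means some read event returns without storing to `*val`.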

Preconditions

  • network: Attacker must have access to the I2C bus (e.g. via /dev/i2c-N or i2ctransfer) to issue read transactions to the MCTP I2C slave device address.
  • config: The target system must have an MCTP I2C device instance (e.g. at address 0x34) bound to the mctp-i2c driver.

Generated on May 27, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

6
