Linux Kernel Netlink Message Initialization Vulnerability in MCTP

A vulnerability in the Linux kernel's handling of netlink messages for the Management Component Transport Protocol (MCTP) has been addressed. This issue, present in the stable Linux kernel, involved the RTM_GETNEIGH command returning uninitialized data in the pad bytes of the neighbor discovery message. The vulnerability arose because the netlink response messages were not properly initialized, potentially leading to the disclosure of garbage data. The issue has been fixed by ensuring that the netlink data is cleared before being populated with valid information.

Impact

The vulnerability could lead to the unintentional disclosure of uninitialized memory data through netlink messages, which could be exploited to gain information about the system's memory state or to manipulate netlink-based interactions.