Linux Kernel IPMI Event Message Buffer Response Validation Vulnerability

Vulnerability

A vulnerability in the Linux kernel's IPMI (Intelligent Platform Management Interface) implementation has been addressed. The issue arose because the response data size from the event message buffer was not properly validated immediately after the response was received. Some Baseboard Management Controllers (BMCs) may return an empty message instead of an error when events are fetched. This vulnerability affects several versions of the Linux kernel.
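The size check described above, shown as an added example; it is not the kernel's code and does not come from the original advisory. The function name, the result enum, the three-byte header layout and the 16-byte event record size are assumptions made for illustration, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Layout assumed for this example: rsp[0] = netfn/LUN, rsp[1] = command,
 * rsp[2] = completion code, rsp[3..] = event data. */
#define EVT_RSP_HDR_LEN 3   /* netfn/LUN + command + completion code */
#define EVT_DATA_LEN    16  /* event record size assumed for this example */

enum evt_result { EVT_DELIVERED, EVT_NONE, EVT_MALFORMED };

/* Hypothetical helper: validate the response to an event-buffer read
 * before any byte of it is interpreted. */
enum evt_result handle_event_response(const unsigned char *rsp, size_t rsp_len,
                                      unsigned char out[EVT_DATA_LEN])
{
    /* An empty or truncated reply has no completion code to read, so
     * checking rsp[2] first would use stale or out-of-range data. */
    if (rsp == NULL || rsp_len < EVT_RSP_HDR_LEN)
        return EVT_MALFORMED;

    /* Non-zero completion code: the BMC reported an error, no event. */
    if (rsp[2] != 0x00)
        return EVT_NONE;

    /* Success code, but the payload is shorter than one event record. */
    if (rsp_len < EVT_RSP_HDR_LEN + EVT_DATA_LEN)
        return EVT_MALFORMED;

    memcpy(out, rsp + EVT_RSP_HDR_LEN, EVT_DATA_LEN);
    return EVT_DELIVERED;
}

int main(void)
{
    /* Constructed samples: an empty reply and a well-formed one. */
    unsigned char good[EVT_RSP_HDR_LEN + EVT_DATA_LEN] = { 0x1c, 0x35, 0x00, 0xaa };
    unsigned char out[EVT_DATA_LEN];

    printf("empty reply -> %d\n", handle_event_response(good, 0, out));
    printf("full reply  -> %d\n", handle_event_response(good, sizeof(good), out));
    return 0;
}
```

An empty reply is classified as malformed rather than as a delivered event, so the caller can stop fetching instead of processing data that was never sent.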

Impact

The vulnerability could lead to improper handling of event messages, potentially causing issues in event processing.

Reproduction

The vulnerability can be reproduced by fetching event data from a BMC that returns an empty message instead of the expected error. This can occur with certain new BMCs that have this flaw.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed.

Added: May 28, 2026, 2:08 PM
Updated: May 28, 2026, 2:08 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 5.3
remediation: 7.7
relevance: 9.2
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.