net: rtnetlink: zero ifla_vf_broadcast to avoid stack infoleak in rtnl_fill_vfinfo
CVE-2026-46132 is a vulnerability related to the net subsystem's rtnetlink interface, specifically involving zeroing the ifla_vf_broadcast field to prevent a stack information leak in the rtnl_fill_vfinfo function. The vulnerability affects Microsoft products including Azure Linux 3. 0. There is no CVSS score available, and no known exploits in the wild have been reported. No patch or remediation information is provided in the available data. The description does not provide detailed technical or impact specifics beyond the mention of an information leak mitigation.
AI Analysis
Technical Summary
This vulnerability concerns the rtnetlink interface in the network subsystem, where the ifla_vf_broadcast field was zeroed to avoid leaking stack information during the execution of rtnl_fill_vfinfo. It affects Microsoft products including Azure Linux 3.0. The vulnerability is identified by CVE-2026-46132 and was published on May 2, 2026. No CVSS score or detailed impact metrics are available, and no vendor advisory or patch information is provided in the current data.
Potential Impact
The vulnerability involves a potential stack information leak via the rtnetlink interface. Such leaks can potentially aid attackers in further exploitation, but no known exploits in the wild have been reported. The exact impact on confidentiality, integrity, or availability is not detailed in the provided information.
Mitigation Recommendations
Patch status is not yet confirmed — check the Microsoft Security Response Center advisory for current remediation guidance. No specific mitigation or patch information is provided in the available data.
net: rtnetlink: zero ifla_vf_broadcast to avoid stack infoleak in rtnl_fill_vfinfo
Description
CVE-2026-46132 is a vulnerability related to the net subsystem's rtnetlink interface, specifically involving zeroing the ifla_vf_broadcast field to prevent a stack information leak in the rtnl_fill_vfinfo function. The vulnerability affects Microsoft products including Azure Linux 3. 0. There is no CVSS score available, and no known exploits in the wild have been reported. No patch or remediation information is provided in the available data. The description does not provide detailed technical or impact specifics beyond the mention of an information leak mitigation.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability concerns the rtnetlink interface in the network subsystem, where the ifla_vf_broadcast field was zeroed to avoid leaking stack information during the execution of rtnl_fill_vfinfo. It affects Microsoft products including Azure Linux 3.0. The vulnerability is identified by CVE-2026-46132 and was published on May 2, 2026. No CVSS score or detailed impact metrics are available, and no vendor advisory or patch information is provided in the current data.
Potential Impact
The vulnerability involves a potential stack information leak via the rtnetlink interface. Such leaks can potentially aid attackers in further exploitation, but no known exploits in the wild have been reported. The exact impact on confidentiality, integrity, or availability is not detailed in the provided information.
Mitigation Recommendations
Patch status is not yet confirmed — check the Microsoft Security Response Center advisory for current remediation guidance. No specific mitigation or patch information is provided in the available data.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_vex
- Csaf Version
- 2.0
- Publisher
- Microsoft Security Response Center
- Advisory Id
- msrc_CVE-2026-46132
- Cve Count
- 1
- Additional Cves
- []
- Cvss Version
- null
Threat ID: 6a19fed0e29bf47b500fe3c5
Added to database: 5/29/2026, 9:02:08 PM
Last enriched: 5/29/2026, 9:13:52 PM
Last updated: 5/31/2026, 4:56:49 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.