🟡 Medium | Source: Microsoft Security Response Center
CVE-2026-45930 is a vulnerability in the Linux kernel’s MCTP (Management Component Transport Protocol) networking subsystem, where netlink message responses were not properly initialised, potentially exposing uninitialised kernel memory to user space. This type of flaw can lead to information disclosure, allowing an attacker to read sensitive data from kernel memory. Microsoft has published this advisory in the context of Azure, suggesting it affects Linux-based workloads running on Azure infrastructure.
Security Architect’s Take: Review whether your Azure Linux VMs or AKS node pools are running kernel versions affected by this MCTP initialisation flaw, and prioritise patching to a remediated kernel version. If MCTP is not required in your environment, consider restricting access to netlink sockets via seccomp or AppArmor profiles as a compensating control.
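As a first triage step for the review above, a node can be checked for whether the MCTP code is compiled into its kernel at all. This is an added example, not part of the Microsoft advisory; it assumes the kernel build config is readable at one of the usual locations, and because this page lists no affected version range it does not say whether a given kernel is patched.

```shell
#!/bin/sh
# Added triage helper, not from the advisory: is MCTP compiled into a kernel?
# Function names are this example's own. The advisory page gives no affected
# version range, so this only answers whether the MCTP code is present.

# mctp_config_state FILE
# Prints: enabled | disabled | absent | unknown
mctp_config_state() {
    cfg=$1
    [ -r "$cfg" ] || { echo unknown; return 0; }
    case "$cfg" in
        *.gz) reader="gzip -dc" ;;   # e.g. /proc/config.gz
        *)    reader="cat" ;;
    esac
    # Anchor on "=" so CONFIG_MCTP_SERIAL and similar do not match.
    if $reader "$cfg" | grep -Eq '^CONFIG_MCTP=[ym]$'; then
        echo enabled
    elif $reader "$cfg" | grep -q '^# CONFIG_MCTP is not set$'; then
        echo disabled
    else
        # Symbol missing: kernel predates MCTP or the config is incomplete.
        echo absent
    fi
}

# mctp_running_kernel_state
# Checks the usual build-config locations for the running kernel.
mctp_running_kernel_state() {
    rel=$(uname -r)
    for f in "/boot/config-$rel" "/lib/modules/$rel/config" /proc/config.gz; do
        if [ -r "$f" ]; then
            mctp_config_state "$f"
            return 0
        fi
    done
    echo unknown
}

echo "MCTP in running kernel ($(uname -r)): $(mctp_running_kernel_state)"
```

Nodes reporting `enabled` are the ones to match against the vendor's fixed kernel versions; `unknown` means no build config was readable and the kernel package has to be checked another way.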
Original advisory: CVE-2026-45930 net: mctp: ensure our nlmsg responses are initialised