VYPR
Unrated severity · NVD Advisory · Published Jan 5, 2026 · Updated Apr 15, 2026

CVE-2025-68766


Description

In the Linux kernel, the following vulnerability has been resolved:

irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc()

If irq_domain_translate_twocell() sets "hwirq" to >= MCHP_EIC_NIRQ (2) then it results in an out of bounds access.

The code checks for invalid values, but doesn't set the error code. Return -EINVAL in that case, instead of returning success.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Missing error code in Microchip EIC irqchip driver could lead to out-of-bounds access; fixed by returning -EINVAL.

Root Cause

CVE-2025-68766 is a missing error code in the Microchip External Interrupt Controller (EIC) irqchip driver in the Linux kernel. The function mchp_eic_domain_alloc() checks whether the translated hardware interrupt number (hwirq) is within valid range (less than MCHP_EIC_NIRQ, which is 2), but if the check fails, the function does not set an appropriate error code. As a result, the function returns success (zero) even when an invalid hwirq was provided by irq_domain_translate_twocell() [1], [4].

Exploitation

The vulnerability is triggered during interrupt allocation when a device tree or other source requests an interrupt number that maps to an out-of-range hardware interrupt. The attacker would need the ability to influence the interrupt request, typically through a crafted device tree or by controlling a device that triggers an interrupt allocation with a bad specifier. No authentication is required beyond the ability to cause such an allocation path, which in embedded systems may be reachable from user space via certain device drivers [2].

Impact

If triggered, the valid-range check is bypassed because the error code is not set, allowing the allocation to proceed with an invalid hwirq. This can lead to an out-of-bounds array access when the driver later uses hwirq as an index, potentially causing memory corruption, a system crash, or other unpredictable behavior. The severity is considered low to moderate given the specific conditions required, but it could affect system stability on platforms using the Microchip EIC [3].

Mitigation

The fix, already applied in the Linux kernel stable trees, explicitly returns -EINVAL when the hwirq check fails, ensuring the allocation function properly rejects invalid interrupt numbers [1], [2], [4]. Users and distributors should apply the corresponding patch or update to a kernel version that includes the fix. No known workarounds exist, but the affected code path is limited to systems with Microchip EIC hardware.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
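The missing-error-code pattern described above, modelled in user-space C as an added example; it is not the kernel driver's code. `model_translate`, `model_alloc_before` and `model_alloc_after` are hypothetical names, and the pre-fix branch shape is an assumption drawn from the description; only `MCHP_EIC_NIRQ` (2) and the `-EINVAL` return come from the advisory.

```c
#include <errno.h>
#include <stdio.h>

#define MCHP_EIC_NIRQ 2 /* number of EIC lines, value given in the advisory */

/* Constructed stand-in for irq_domain_translate_twocell(): takes the first
 * specifier cell as hwirq and does no range check of its own. */
static int model_translate(const unsigned int *spec, int ncells,
			   unsigned long *hwirq)
{
	if (ncells < 2)
		return -EINVAL;
	*hwirq = spec[0];
	return 0;
}

/* Assumed pre-fix shape: the range test shares a branch with the translate
 * error test, so a bad hwirq with ret == 0 is reported as success. */
static int model_alloc_before(const unsigned int *spec, int ncells)
{
	unsigned long hwirq = 0;
	int ret = model_translate(spec, ncells, &hwirq);

	if (ret || hwirq >= MCHP_EIC_NIRQ)
		return ret;
	return 0; /* valid line: per-IRQ setup would follow here */
}

/* Fixed shape described in the advisory: out-of-range hwirq gets -EINVAL. */
static int model_alloc_after(const unsigned int *spec, int ncells)
{
	unsigned long hwirq = 0;
	int ret = model_translate(spec, ncells, &hwirq);

	if (ret)
		return ret;
	if (hwirq >= MCHP_EIC_NIRQ)
		return -EINVAL;
	return 0;
}

int main(void)
{
	const unsigned int bad[2] = { 5, 1 }; /* constructed: hwirq 5, type 1 */

	printf("before: %d  after: %d\n",
	       model_alloc_before(bad, 2), model_alloc_after(bad, 2));
	return 0;
}
```

A caller that treats a zero return as "hwirq is a valid index" is what turns the silent success into the out-of-bounds access the description mentions.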
