VYPR
High severity 7.0 · NVD Advisory · Published Feb 14, 2026 · Updated Apr 15, 2026

CVE-2026-23180

Description

In the Linux kernel, the following vulnerability has been resolved:

dpaa2-switch: add bounds check for if_id in IRQ handler

The IRQ handler extracts if_id from the upper 16 bits of the hardware status register and uses it to index into ethsw->ports[] without validation. Since if_id can be any 16-bit value (0-65535) but the ports array is only allocated with sw_attr.num_ifs elements, this can lead to an out-of-bounds read potentially.

Add a bounds check before accessing the array, consistent with the existing validation in dpaa2_switch_rx().

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Missing validation in dpaa2-switch IRQ handler can cause out-of-bounds read; patched in Linux kernel.

Vulnerability

Description

In the Linux kernel's dpaa2-switch driver, the IRQ handler extracts a 16-bit if_id from the upper bits of a hardware status register and uses it as an index into the ethsw->ports[] array without verifying that the index is within bounds. The array is allocated with sw_attr.num_ifs elements, but if_id can range from 0 to 65535, allowing an attacker to trigger an out-of-bounds read [1].

Exploitation

Scenario

An attacker who can send crafted network frames to the switch or manipulate the hardware status register could cause the IRQ handler to read beyond the allocated array. This does not require local authentication; any network-adjacent attacker capable of triggering the vulnerable code path may exploit this issue.

Impact

Successful exploitation leads to reading kernel memory beyond the ports array, potentially leaking sensitive information or causing system instability. The vulnerability is rated High (CVSS 7.0) due to the potential for information disclosure or denial of service.

Mitigation

A fix has been committed to the stable kernel tree that adds a bounds check before accessing the ports array, consistent with existing validation in the dpaa2_switch_rx() function [1]. Users should apply the kernel update once it reaches their distribution.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
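The check described above can be modelled in user space. This is an added example, not the kernel patch or the driver's code: the struct layout, the function names and the sample status words are assumptions, and only if_id, ports[] and num_ifs come from the advisory.

```c
#include <stdint.h>
#include <stdlib.h>

/* User-space model of the pattern; all names here are hypothetical. */
struct port { int link_events; };

struct ethsw {
    uint16_t num_ifs;    /* models sw_attr.num_ifs */
    struct port *ports;  /* num_ifs elements, like ethsw->ports[] */
};

/* The advisory places if_id in the upper 16 bits of the status register. */
static uint16_t status_to_if_id(uint32_t status)
{
    return (uint16_t)(status >> 16);
}

/* Returns 0 if the event was handled, -1 if if_id was rejected. */
int handle_irq_status(struct ethsw *sw, uint32_t status)
{
    uint16_t if_id = status_to_if_id(status);

    /* Without this check, any if_id in 0..65535 would index ports[],
     * which only has num_ifs elements. */
    if (if_id >= sw->num_ifs)
        return -1;

    sw->ports[if_id].link_events++;
    return 0;
}

/* Constructed sample: a 4-port switch and three status words
 * (the low 16 bits are arbitrary). Returns 0 when all behave as expected. */
int demo(void)
{
    struct ethsw sw = { .num_ifs = 4 };
    int bad = 0;

    sw.ports = calloc(sw.num_ifs, sizeof(*sw.ports));
    if (!sw.ports)
        return -1;
    bad |= handle_irq_status(&sw, 0x00030001u) != 0;   /* if_id 3: last valid */
    bad |= handle_irq_status(&sw, 0x00040001u) != -1;  /* if_id 4: one past end */
    bad |= handle_irq_status(&sw, 0xFFFF0001u) != -1;  /* if_id 65535 */
    bad |= sw.ports[3].link_events != 1;
    free(sw.ports);
    return bad;
}
```

The comparison uses `>=` so that an if_id equal to num_ifs, one element past the end of the array, is rejected along with larger values.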
