CVE-2026-43205
Description
In the Linux kernel, the following vulnerability has been resolved:
dpaa2-switch: validate num_ifs to prevent out-of-bounds write
The driver obtains sw_attr.num_ifs from firmware via dpsw_get_attributes() but never validates it against DPSW_MAX_IF (64). This value controls iteration in dpaa2_switch_fdb_get_flood_cfg(), which writes port indices into the fixed-size cfg->if_id[DPSW_MAX_IF] array. When firmware reports num_ifs >= 64, the loop can write past the array bounds.
Add a bound check for num_ifs in dpaa2_switch_init().
dpaa2_switch_fdb_get_flood_cfg() appends the control interface (port num_ifs) after all matched ports. When num_ifs == DPSW_MAX_IF and all ports match the flood filter, the loop fills all 64 slots and the control interface write overflows by one entry.
The check uses >= because num_ifs == DPSW_MAX_IF is also functionally broken.
build_if_id_bitmap() silently drops any ID >= 64: if (id[i] < DPSW_MAX_IF) bmap[id[i] / 64] |= ...
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
77- osv-coords75 versionspkg:rpm/almalinux/kernelpkg:rpm/almalinux/kernel-64kpkg:rpm/almalinux/kernel-64k-corepkg:rpm/almalinux/kernel-64k-debugpkg:rpm/almalinux/kernel-64k-debug-corepkg:rpm/almalinux/kernel-64k-debug-develpkg:rpm/almalinux/kernel-64k-debug-devel-matchedpkg:rpm/almalinux/kernel-64k-debug-modulespkg:rpm/almalinux/kernel-64k-debug-modules-corepkg:rpm/almalinux/kernel-64k-debug-modules-extrapkg:rpm/almalinux/kernel-64k-develpkg:rpm/almalinux/kernel-64k-devel-matchedpkg:rpm/almalinux/kernel-64k-modulespkg:rpm/almalinux/kernel-64k-modules-corepkg:rpm/almalinux/kernel-64k-modules-extrapkg:rpm/almalinux/kernel-abi-stablelistspkg:rpm/almalinux/kernel-corepkg:rpm/almalinux/kernel-cross-headerspkg:rpm/almalinux/kernel-debugpkg:rpm/almalinux/kernel-debug-corepkg:rpm/almalinux/kernel-debug-develpkg:rpm/almalinux/kernel-debug-devel-matchedpkg:rpm/almalinux/kernel-debug-modulespkg:rpm/almalinux/kernel-debug-modules-corepkg:rpm/almalinux/kernel-debug-modules-extrapkg:rpm/almalinux/kernel-debug-uki-virtpkg:rpm/almalinux/kernel-develpkg:rpm/almalinux/kernel-devel-matchedpkg:rpm/almalinux/kernel-docpkg:rpm/almalinux/kernel-headerspkg:rpm/almalinux/kernel-modulespkg:rpm/almalinux/kernel-modules-corepkg:rpm/almalinux/kernel-modules-extrapkg:rpm/almalinux/kernel-modules-extra-matchedpkg:rpm/almalinux/kernel-rtpkg:rpm/almalinux/kernel-rt-64kpkg:rpm/almalinux/kernel-rt-64k-corepkg:rpm/almalinux/kernel-rt-64k-debugpkg:rpm/almalinux/kernel-rt-64k-debug-corepkg:rpm/almalinux/kernel-rt-64k-debug-develpkg:rpm/almalinux/kernel-rt-64k-debug-modulespkg:rpm/almalinux/kernel-rt-64k-debug-modules-corepkg:rpm/almalinux/kernel-rt-64k-debug-modules-extrapkg:rpm/almalinux/kernel-rt-64k-develpkg:rpm/almalinux/kernel-rt-64k-modulespkg:rpm/almalinux/kernel-rt-64k-modules-corepkg:rpm/almalinux/kernel-rt-64k-modules-extrapkg:rpm/almalinux/kernel-rt-corepkg:rpm/almalinux/kernel-rt-debugpkg:rpm/almalinux/kernel-rt-debug-corepkg:rpm/almalinux/kernel-rt-debug-develpkg:rpm/almalinux/kernel-rt-debug-modulespkg:rpm/almalinux/kernel-rt-debug-modules-corepkg:rpm/almalinux/kernel-rt-debug-modules-extrapkg:rpm/almalinux/kernel-rt-develpkg:rpm/almalinux/kernel-rt-modulespkg:rpm/almalinux/kernel-rt-modules-corepkg:rpm/almalinux/kernel-rt-modules-extrapkg:rpm/almalinux/kernel-toolspkg:rpm/almalinux/kernel-tools-libspkg:rpm/almalinux/kernel-tools-libs-develpkg:rpm/almalinux/kernel-uki-virtpkg:rpm/almalinux/kernel-uki-virt-addonspkg:rpm/almalinux/kernel-zfcpdumppkg:rpm/almalinux/kernel-zfcpdump-corepkg:rpm/almalinux/kernel-zfcpdump-develpkg:rpm/almalinux/kernel-zfcpdump-devel-matchedpkg:rpm/almalinux/kernel-zfcpdump-modulespkg:rpm/almalinux/kernel-zfcpdump-modules-corepkg:rpm/almalinux/kernel-zfcpdump-modules-extrapkg:rpm/almalinux/libperfpkg:rpm/almalinux/perfpkg:rpm/almalinux/python3-perfpkg:rpm/almalinux/rtlapkg:rpm/almalinux/rv
< 6.12.0-211.18.1.el10_2+ 74 more
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
Patches
Vulnerability mechanics
References
7- git.kernel.org/stable/c/89764cf44544e943230f5e03b8c40a90da26537cnvdPatch
- git.kernel.org/stable/c/8a5752c6dcc085a3bfc78589925182e4e98468c5nvdPatch
- git.kernel.org/stable/c/8b841fd529db9faf8bc678d429d4bf4e98b10900nvdPatch
- git.kernel.org/stable/c/a26dda3bae469c8e4e1b1993ad33dafa32d0fc28nvdPatch
- git.kernel.org/stable/c/a3034a8d56174dd6464c46823438f25797910a8dnvdPatch
- git.kernel.org/stable/c/b690635d4719214892855b79ce018d4b1672ac96nvdPatch
- git.kernel.org/stable/c/c18493f750208eb4ff1198fc5a02786b8b2d70a6nvdPatch
News mentions
0No linked articles in our index yet.