CVE-2026-23180
HIGH EPSS 2.7%
Published Feb 14, 20264mo ago · Modified Jun 17, 20261w ago
7.0 CVSS 3.1
Published Feb 14, 2026 4mo ago
Last Modified Jun 17, 2026 1w ago
Description
In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: add bounds check for if_id in IRQ handler The IRQ handler extracts if_id from the upper 16 bits of the hardware status register and uses it to index into ethsw->ports[] without validation. Since if_id can be any 16-bit value (0-65535) but the ports array is only allocated with sw_attr.num_ifs elements, this can lead to an out-of-bounds read potentially. Add a bounds check before accessing the array, consistent with the existing validation in dpaa2_switch_rx().
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
2.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
References 6
- git.kernel.org https://git.kernel.org/stable/c/1b381a638e1851d8cfdfe08ed9cdbec5295b18c9
- git.kernel.org https://git.kernel.org/stable/c/2447edc367800ba914acf7ddd5d250416b45fb31
- git.kernel.org https://git.kernel.org/stable/c/31a7a0bbeb006bac2d9c81a2874825025214b6d8
- git.kernel.org https://git.kernel.org/stable/c/34b56c16efd61325d80bf1d780d0e176be662f59
- git.kernel.org https://git.kernel.org/stable/c/77611cab5bdfff7a070ae574bbfba20a1de99d1b
- git.kernel.org https://git.kernel.org/stable/c/f89e33c9c37f0001b730e23b3b05ab7b1ecface2
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.