CVE-2026-43281
HIGH EPSS 2.1%
Published May 6, 2026 · Modified Jun 17, 2026
7.1 CVSS 3.1
Description
In the Linux kernel, the following vulnerability has been resolved:

mailbox: Prevent out-of-bounds access in fw_mbox_index_xlate()

Although it is guided that `#mbox-cells` must be at least 1, there are many instances of `#mbox-cells = <0>;` in the device tree. If that is the case and the corresponding mailbox controller does not provide `fw_xlate` and `of_xlate` function pointers, `fw_mbox_index_xlate()` will be used by default and out-of-bounds accesses could occur due to lack of bounds check in that function.
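To find device trees that meet the precondition described above, the following added example (not part of the advisory or of the kernel sources) scans device tree source text for nodes that declare `#mbox-cells = <0>`. The sample input and its node names are constructed, and a hit is only a triage candidate: whether the controller driver supplies its own `fw_xlate` or `of_xlate` callback cannot be seen from the device tree.

```python
import re
# Constructed sample device tree source; node names are hypothetical.
SAMPLE_DTS = """
/ {
    soc {
        mbox_a: mailbox@1000 {
            #mbox-cells = <0>;
        };
        mbox_b: mailbox@2000 {
            #mbox-cells = <1>; /* valid specifier width */
        };
        // #mbox-cells = <0>; commented out, must be ignored
        mbox_c: mailbox@3000 {
            #mbox-cells = <0x0>;
        };
    };
};
"""

COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)
NODE_OPEN = re.compile(r"^(?:[\w-]+\s*:\s*)*([\w,.+@/-]+)\s*\{$")
CELLS = re.compile(r"^#mbox-cells\s*=\s*<\s*(0[xX][0-9a-fA-F]+|\d+)\s*>\s*;$")

def strip_comments(text):
    # Replace comments with their newlines so line numbers stay accurate.
    return COMMENT.sub(lambda m: "\n" * m.group(0).count("\n"), text)

def cell_value(token):
    return int(token, 16) if token.lower().startswith("0x") else int(token)

def find_zero_mbox_cells(dts_text):
    """Return [(node_path, line_no)] for nodes declaring #mbox-cells = <0>."""
    findings, stack = [], []
    for line_no, raw in enumerate(strip_comments(dts_text).splitlines(), 1):
        line = raw.strip()
        opened = NODE_OPEN.match(line)
        cells = CELLS.match(line)
        if opened:
            stack.append(opened.group(1))      # entering a node
        elif line.startswith("}"):
            if stack:
                stack.pop()                    # leaving a node
        elif cells and cell_value(cells.group(1)) == 0:
            path = "/" + "/".join(n for n in stack if n != "/")
            findings.append((path, line_no))
    return findings

if __name__ == "__main__":
    for path, line_no in find_zero_mbox_cells(SAMPLE_DTS):
        print(f"line {line_no}: {path} declares #mbox-cells = <0>")
```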
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
2.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-125 Out-of-bounds Read Memory Safety
Affected Products 12
| Vendor | Product | Version | Range |
|---|---|---|---|
| linux | linux_kernel | * | ≥3.18.1 – <6.1.167 |
| linux | linux_kernel | * | ≥6.2 – <6.6.130 |
| linux | linux_kernel | * | ≥6.7 – <6.12.77 |
| linux | linux_kernel | * | ≥6.13 – <6.18.16 |
| linux | linux_kernel | * | ≥6.19 – <6.19.6 |
| linux | linux_kernel | 3.18 | any |
References 8
- git.kernel.org https://git.kernel.org/stable/c/01d9a8c2615d436b2b30c19c1afe9fcd5726ff6d
- git.kernel.org https://git.kernel.org/stable/c/2662ed331a69c0b551f78af58f12eb629a89a36f
- git.kernel.org https://git.kernel.org/stable/c/2c7ff651ec6b660c7c96a36db9328b3232f555d8
- git.kernel.org https://git.kernel.org/stable/c/31c4c67dec3362094a6747a171a4848e98542265
- git.kernel.org https://git.kernel.org/stable/c/4caae8168d1b808c7d4ff481295292e3f97f90fb
- git.kernel.org https://git.kernel.org/stable/c/ec0874447895b994182a962d2fee9ef075de5efd
- git.kernel.org https://git.kernel.org/stable/c/f50b39fd7c72a8734153644ee945ca0d8b2e65ab
- git.kernel.org https://git.kernel.org/stable/c/fcd7f96c783626c07ee3ed75fa3739a8a2052310
Remediation
- git.kernel.org https://git.kernel.org/stable/c/01d9a8c2615d436b2b30c19c1afe9fcd5726ff6d
- git.kernel.org https://git.kernel.org/stable/c/2662ed331a69c0b551f78af58f12eb629a89a36f
- git.kernel.org https://git.kernel.org/stable/c/31c4c67dec3362094a6747a171a4848e98542265
- git.kernel.org https://git.kernel.org/stable/c/4caae8168d1b808c7d4ff481295292e3f97f90fb
- git.kernel.org https://git.kernel.org/stable/c/f50b39fd7c72a8734153644ee945ca0d8b2e65ab
- git.kernel.org https://git.kernel.org/stable/c/fcd7f96c783626c07ee3ed75fa3739a8a2052310