CVE-2026-43274

HIGH

mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchp_ipc_get_cluster_aggr_irq()

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchp_ipc_get_cluster_aggr_irq() The cluster_cfg array is dynamically allocated to hold per-CPU configuration structures, with its size based on the number of online CPUs. Previously, this array was indexed using hartid, which may be non-contiguous or exceed the bounds of the array, leading to out-of-bounds access. Switch to using cpuid as the index, as it is guaranteed to be within the valid range provided by for_each_online_cpu().

References (3)

Core 3

Core References

https://git.kernel.org/stable/c/95438699c92947155823dcd3918049a07f3cd867

https://git.kernel.org/stable/c/0442b6229e2eedc95a6d3d18ce75dec7f5b5377c

https://git.kernel.org/stable/c/f7c330a8c83c9b0332fd524097eaf3e69148164d

Scores

CVSS v3 8.4

EPSS 0.0002

EPSS Percentile 3.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-125

Status published

Products (12)

Linux/Linux < 6.14

Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 0442b6229e2eedc95a6d3d18ce75dec7f5b5377c

Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 95438699c92947155823dcd3918049a07f3cd867

Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - f7c330a8c83c9b0332fd524097eaf3e69148164d

Linux/Linux 6.14

Linux/Linux 6.18.16 - 6.18.*

Linux/Linux 6.19.6 - 6.19.*

Linux/Linux 7.0

Linux/Linux e4b1d67e71419c4af581890ecea84b04920d4116 - 0442b6229e2eedc95a6d3d18ce75dec7f5b5377c

Linux/Linux e4b1d67e71419c4af581890ecea84b04920d4116 - 95438699c92947155823dcd3918049a07f3cd867

... and 2 more

Published May 06, 2026

Tracked Since May 06, 2026