Skip to main content

Linux EUVDEUVD-2026-18641

| CVE-2026-23422 HIGH
Out-of-bounds Write (CWE-787)
2026-04-03 Linux GHSA-6rph-vpvq-7wvw
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 24, 2026 - 15:22 vuln.today
cvss_changed
CVSS changed
Apr 24, 2026 - 15:22 NVD
7.8 (HIGH)
Patch available
Apr 16, 2026 - 05:29 EUVD
74badb9c20b1a9c02a95c735c6d3cd6121679c93,28fd8ac1d49389cb230d712116f54e27ebec11b8,00f42ace446f1e4bf84988f2281131f52cd32796
EUVD ID Assigned
Apr 03, 2026 - 13:45 euvd
EUVD-2026-18641
Analysis Generated
Apr 03, 2026 - 13:45 vuln.today
CVE Published
Apr 03, 2026 - 13:24 nvd
N/A

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler

Commit 31a7a0bbeb00 ("dpaa2-switch: add bounds check for if_id in IRQ handler") introduces a range check for if_id to avoid an out-of-bounds access. If an out-of-bounds if_id is detected, the interrupt status is not cleared. This may result in an interrupt storm.

Clear the interrupt status after detecting an out-of-bounds if_id to avoid the problem.

Found by an experimental AI code review agent at Google.

AnalysisAI

Interrupt storm in Linux kernel dpaa2-switch driver occurs when a bounds check rejects an out-of-bounds if_id in the IRQ handler but fails to clear the interrupt status, causing repeated spurious interrupts. This denial-of-service condition affects the NXP DPAA2 Ethernet switch driver on systems running vulnerable Linux kernel versions. An attacker with the ability to trigger malformed frames or hardware state transitions could exhaust CPU resources through interrupt flooding.

Technical ContextAI

The vulnerability exists in the dpaa2-switch driver's interrupt request handler, which processes interface identifiers (if_id) from hardware events. A prior commit added bounds validation to prevent out-of-bounds memory access when if_id exceeds the valid range; however, the fix neglected to clear the interrupt status register when the bounds check fails. In hardware interrupt contexts, failure to acknowledge or clear the interrupt status causes the hardware to re-assert the interrupt immediately, creating an interrupt storm loop. The underlying technology involves the NXP Data Path Acceleration Architecture v2 (DPAA2) Ethernet switch, which uses interrupt-driven event signaling. CWE classification suggests buffer overflow or bounds-checking logic error, though the root cause is more precisely an incomplete interrupt handler state management following input validation.

RemediationAI

Apply the upstream Linux kernel fix available at the commit hashes provided: b5bababe7703a7322bc59b803ab1587887a2a5e4 (main branch) or corresponding stable-branch patches. The fix adds interrupt status clearing in the error path when an out-of-bounds if_id is detected. Users should upgrade to a kernel version that includes this patch or manually apply the commit. Stable kernel maintainers have backported the fix across multiple kernel series; check your distribution's kernel update channels for the patched version. No workaround is available for unpatched systems other than avoiding scenarios that generate malformed if_id values in switch events, which is not reliably feasible in production networks.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-18641 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy