PT-2026-37545 · Linux+3 · Linux+144
Published
2026-05-06
·
Updated
2026-05-07
·
CVE-2026-43205
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
An out-of-bounds write issue exists in the dpaa2-switch driver. The driver retrieves the
sw attr.num ifs value from firmware using the dpsw get attributes() function without validating it against the DPSW MAX IF limit of 64. This value controls the iteration process in the dpaa2 switch fdb get flood cfg() function, which writes port indices into the fixed-size cfg->if id[DPSW MAX IF] array. If the firmware reports a num ifs value of 64 or greater, the loop can write beyond the array boundaries. Specifically, when num ifs equals 64 and all ports match the flood filter, the loop fills all available slots, causing the subsequent write of the control interface to overflow by one entry.Recommendations
Apply a bound check for
num ifs within the dpaa2 switch init() function.Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Linux
Linux-Allwinner-5.19
Linux-Aws
Linux-Aws-5.0
Linux-Aws-5.11
Linux-Aws-5.13
Linux-Aws-5.15
Linux-Aws-5.19
Linux-Aws-5.3
Linux-Aws-5.8
Linux-Aws-6.14
Linux-Aws-6.17
Linux-Aws-6.2
Linux-Aws-6.5
Linux-Aws-6.8
Linux-Aws-Fips
Linux-Azure
Linux-Azure-5.11
Linux-Azure-5.13
Linux-Azure-5.15
Linux-Azure-5.19
Linux-Azure-5.3
Linux-Azure-5.8
Linux-Azure-6.11
Linux-Azure-6.14
Linux-Azure-6.17
Linux-Azure-6.2
Linux-Azure-6.5
Linux-Azure-6.8
Linux-Azure-Edge
Linux-Azure-Fde
Linux-Azure-Fde-5.15
Linux-Azure-Fde-5.19
Linux-Azure-Fde-6.14
Linux-Azure-Fde-6.17
Linux-Azure-Fde-6.2
Linux-Azure-Fde-6.8
Linux-Azure-Fips
Linux-Azure-Nvidia
Linux-Azure-Nvidia-6.14
Linux-Bluefield
Linux-Fips
Linux-Gcp
Linux-Gcp-5.11
Linux-Gcp-5.13
Linux-Gcp-5.15
Linux-Gcp-5.19
Linux-Gcp-5.3
Linux-Gcp-5.8
Linux-Gcp-6.11
Linux-Gcp-6.14
Linux-Gcp-6.17
Linux-Gcp-6.2
Linux-Gcp-6.5
Linux-Gcp-6.8
Linux-Gcp-Fips
Linux-Gke
Linux-Gke-4.15
Linux-Gkeop-5.15
Linux-Gke-5.4
Linux-Gkeop
Linux-Hwe
Linux-Hwe-5.11
Linux-Hwe-5.13
Linux-Hwe-5.15
Linux-Hwe-5.19
Linux-Hwe-5.8
Linux-Hwe-6.11
Linux-Hwe-6.14
Linux-Hwe-6.17
Linux-Hwe-6.2
Linux-Hwe-6.5
Linux-Hwe-6.8
Linux-Hwe-Edge
Linux-Ibm
Linux-Ibm-5.15
Linux-Ibm-6.8
Linux-Intel-5.13
Linux-Intel-Iot-Realtime
Linux-Intel-Iotg
Linux-Intel-Iotg-5.15
Linux-Kvm
Linux-Lowlatency
Linux-Lowlatency-Hwe-5.15
Linux-Lowlatency-Hwe-5.19
Linux-Lowlatency-Hwe-6.11
Linux-Lowlatency-Hwe-6.2
Linux-Lowlatency-Hwe-6.5
Linux-Lowlatency-Hwe-6.8
Linux-Lts
Linux-Nvidia
Linux-Nvidia-6.11
Linux-Nvidia-6.2
Linux-Nvidia-6.5
Linux-Nvidia-6.8
Linux-Nvidia-Lowlatency
Linux-Nvidia-Tegra
Linux-Nvidia-Tegra-5.15
Linux-Nvidia-Tegra-Igx
Linux-Oem
Linux-Oem-5.10
Linux-Oem-5.13
Linux-Oem-5.14
Linux-Oem-5.17
Linux-Oem-5.6
Linux-Oem-6.0
Linux-Oem-6.1
Linux-Oem-6.11
Linux-Oem-6.14
Linux-Oem-6.17
Linux-Oem-6.5
Linux-Oem-6.8
Linux-Oracle
Linux-Oracle-5.0
Linux-Oracle-5.11
Linux-Oracle-5.13
Linux-Oracle-5.15
Linux-Oracle-5.3
Linux-Oracle-5.8
Linux-Oracle-6.14
Linux-Oracle-6.17
Linux-Oracle-6.5
Linux-Oracle-6.8
Linux-Raspi
Linux-Raspi-Realtime
Linux-Raspi2
Linux-Realtime
Linux-Realtime-6.14
Linux-Realtime-6.17
Linux-Realtime-6.8
Linux-Riscv
Linux-Riscv-5.11
Linux-Riscv-5.15
Linux-Riscv-5.19
Linux-Riscv-5.8
Linux-Riscv-6.14
Linux-Riscv-6.17
Linux-Riscv-6.5
Linux-Riscv-6.8
Linux-Starfive-5.19
Linux-Starfive-6.2
Linux-Starfive-6.5
Linux-Xilinx
Linux-Xilinx-Zynqmp
Linux Kernel