CVE-2026-23180

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw in the dpaa2-switch component. The IRQ handler extracts if id from the hardware status register and uses it to index into the ethsw->ports[] array without proper validation. Because if id can be any 16-bit value, but the ports array size is limited by sw attr.num ifs, this can lead to an out-of-bounds read. A bounds check has been added to the IRQ handler to prevent this issue, consistent with existing validation in dpaa2 switch rx().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.