CVE-2026-43241
ntb_hw_switchtec Array Index Out of Bounds in Linux Kernel
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an array-index-out-of-bounds access issue in the Linux kernel component ntb_hw_switchtec. It occurs because the number of Memory Window (MW) Look-Up Tables (LUTs) depends on the NTB configuration and can be set to a maximum value (MAX_MWS). Without proper checks, the code could access the mw_sizes array with an invalid index, leading to out-of-bounds access.
The vulnerability has been fixed by adding protection against invalid index access. When an invalid access is attempted, the system now prints a message to the user indicating that the configuration is not valid.
How can this vulnerability impact me? :
An array-index-out-of-bounds vulnerability can potentially lead to undefined behavior such as system crashes, memory corruption, or security issues like privilege escalation or information disclosure. In this specific case, accessing mw_sizes with an invalid index could cause instability or unexpected behavior in the Linux kernel's NTB hardware switchtec driver.
However, the patch protects against invalid access by validating the index and notifying the user if the configuration is invalid, which mitigates the risk.