CVE-2026-43241
Analyzed Analyzed - Analysis Complete
ntb_hw_switchtec Array Index Out of Bounds in Linux Kernel

Publication date: 2026-05-06

Last updated on: 2026-05-11

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ntb: ntb_hw_switchtec: Fix array-index-out-of-bounds access Number of MW LUTs depends on NTB configuration and can be set to MAX_MWS, This patch protects against invalid index out of bounds access to mw_sizes When invalid access print message to user that configuration is not valid.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-11
Generated
2026-06-16
AI Q&A
2026-05-06
EPSS Evaluated
2026-06-15
NVD
CVE-2026-43241
EUVD
EUVD-2026-27804
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.2 (inc) to 6.6.128 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.75 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.16 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.6 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.202 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.165 (exc)
linux linux_kernel From 4.15 (inc) to 5.10.252 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an array-index-out-of-bounds access issue in the Linux kernel component ntb_hw_switchtec. It occurs because the number of Memory Window (MW) Look-Up Tables (LUTs) depends on the NTB configuration and can be set to a maximum value (MAX_MWS). Without proper checks, the code could access the mw_sizes array with an invalid index, leading to out-of-bounds access.

The vulnerability has been fixed by adding protection against invalid index access. When an invalid access is attempted, the system now prints a message to the user indicating that the configuration is not valid.

Impact Analysis

An array-index-out-of-bounds vulnerability can potentially lead to undefined behavior such as system crashes, memory corruption, or security issues like privilege escalation or information disclosure. In this specific case, accessing mw_sizes with an invalid index could cause instability or unexpected behavior in the Linux kernel's NTB hardware switchtec driver.

However, the patch protects against invalid access by validating the index and notifying the user if the configuration is invalid, which mitigates the risk.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43241. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart