CVE-2026-43241
Analyzed Analyzed - Analysis Complete

ntb_hw_switchtec Array Index Out of Bounds in Linux Kernel

Vulnerability report for CVE-2026-43241, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-06

Last updated on: 2026-05-11

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: ntb: ntb_hw_switchtec: Fix array-index-out-of-bounds access Number of MW LUTs depends on NTB configuration and can be set to MAX_MWS, This patch protects against invalid index out of bounds access to mw_sizes When invalid access print message to user that configuration is not valid.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-06
Last Modified
2026-05-11
Generated
2026-07-06
AI Q&A
2026-05-06
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 7 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.2 (inc) to 6.6.128 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.75 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.16 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.6 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.202 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.165 (exc)
linux linux_kernel From 4.15 (inc) to 5.10.252 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an array-index-out-of-bounds access issue in the Linux kernel component ntb_hw_switchtec. It occurs because the number of Memory Window (MW) Look-Up Tables (LUTs) depends on the NTB configuration and can be set to a maximum value (MAX_MWS). Without proper checks, the code could access the mw_sizes array with an invalid index, leading to out-of-bounds access.

The vulnerability has been fixed by adding protection against invalid index access. When an invalid access is attempted, the system now prints a message to the user indicating that the configuration is not valid.

Impact Analysis

An array-index-out-of-bounds vulnerability can potentially lead to undefined behavior such as system crashes, memory corruption, or security issues like privilege escalation or information disclosure. In this specific case, accessing mw_sizes with an invalid index could cause instability or unexpected behavior in the Linux kernel's NTB hardware switchtec driver.

However, the patch protects against invalid access by validating the index and notifying the user if the configuration is invalid, which mitigates the risk.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43241. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart