CVE-2026-43274
Out-of-Bounds Access in Linux Kernel mailbox Subsystem
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mchp | ipc | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's mailbox driver for mchp-ipc-sbi. It involves an out-of-bounds access in the function mchp_ipc_get_cluster_aggr_irq().
The issue arises because the cluster_cfg array, which holds per-CPU configuration structures, was indexed using hartid. Hartid values may be non-contiguous or exceed the array bounds, causing invalid memory access.
The fix changes the indexing to use cpuid, which is guaranteed to be within the valid range of online CPUs, preventing out-of-bounds access.
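The indexing difference described above, as a small userspace model. This is an added example, not the kernel driver's code: the struct layout, the hartid values and every helper name are constructed for illustration, and only cluster_cfg, hartid and cpuid come from the description.

```c
#include <stddef.h>
#include <stdio.h>

#define NR_CPUS_MODEL 4  /* constructed: four online CPUs */

struct cfg_model { int irq; };  /* hypothetical stand-in for the per-CPU config */

/* One slot per online CPU, as the page describes cluster_cfg. */
static struct cfg_model cluster_cfg[NR_CPUS_MODEL];

/* Constructed map, logical cpuid -> hartid; hart 0 is assumed not to run Linux. */
static const unsigned long hartid_of_cpu[NR_CPUS_MODEL] = { 1, 2, 3, 4 };

/* Pre-fix pattern: is cluster_cfg[hartid] inside the array at all? */
int hartid_index_in_bounds(unsigned long hartid)
{
    return hartid < NR_CPUS_MODEL;
}

/* Logical cpuid for a hartid, or -1 when that hart is not an online CPU. */
int cpuid_of_hart(unsigned long hartid)
{
    for (int cpu = 0; cpu < NR_CPUS_MODEL; cpu++)
        if (hartid_of_cpu[cpu] == hartid)
            return cpu;
    return -1;
}

/* Post-fix pattern: index by cpuid, which is always below NR_CPUS_MODEL. */
struct cfg_model *cfg_for_hart(unsigned long hartid)
{
    int cpu = cpuid_of_hart(hartid);
    return cpu < 0 ? NULL : &cluster_cfg[cpu];
}

/* Number of online harts whose hartid would index past the end of the array. */
int count_oob_harts(void)
{
    int n = 0;
    for (int cpu = 0; cpu < NR_CPUS_MODEL; cpu++)
        n += !hartid_index_in_bounds(hartid_of_cpu[cpu]);
    return n;
}

int main(void)
{
    printf("harts that index out of bounds by hartid: %d\n", count_oob_harts());
    printf("hart 4 -> cluster_cfg[%d] by cpuid\n", cpuid_of_hart(4));
    return 0;
}
```

With this constructed map, harts 1 to 3 stay inside the array when indexed by hartid but land in a different slot than their cpuid selects, so a bounds check alone would not have corrected the lookup.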
How can this vulnerability impact me?
An out-of-bounds access vulnerability can lead to undefined behavior such as system crashes, data corruption, or potential escalation of privileges if exploited.
Since this vulnerability involves kernel memory access, it could compromise system stability and security, potentially allowing attackers to execute arbitrary code or cause denial of service.