CVE-2026-43274
Undergoing Analysis Undergoing Analysis - In Progress
Out-of-Bounds Access in Linux Kernel mailbox Subsystem

Publication date: 2026-05-06

Last updated on: 2026-05-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchp_ipc_get_cluster_aggr_irq() The cluster_cfg array is dynamically allocated to hold per-CPU configuration structures, with its size based on the number of online CPUs. Previously, this array was indexed using hartid, which may be non-contiguous or exceed the bounds of the array, leading to out-of-bounds access. Switch to using cpuid as the index, as it is guaranteed to be within the valid range provided by for_each_online_cpu().
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-08
Generated
2026-06-16
AI Q&A
2026-05-06
EPSS Evaluated
2026-06-14
NVD
CVE-2026-43274
EUVD
EUVD-2026-27669
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.19 (inc) to 6.19.6 (exc)
linux linux_kernel From 6.14 (inc) to 6.18.16 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's mailbox driver for mchp-ipc-sbi. It involves an out-of-bounds access in the function mchp_ipc_get_cluster_aggr_irq().

The issue arises because the cluster_cfg array, which holds per-CPU configuration structures, was indexed using hartid. Hartid values may be non-contiguous or exceed the array bounds, causing invalid memory access.

The fix changes the indexing to use cpuid, which is guaranteed to be within the valid range of online CPUs, preventing out-of-bounds access.

Impact Analysis

An out-of-bounds access vulnerability can lead to undefined behavior such as system crashes, data corruption, or potential escalation of privileges if exploited.

Since this vulnerability involves kernel memory access, it could compromise system stability and security, potentially allowing attackers to execute arbitrary code or cause denial of service.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43274. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart