CVE-2026-23422 | Linux Kernel up to 7.0-rc2 dpaa2-switch out-of-bounds

VDB-355092 · CVE-2026-23422 · GCVE-0-2026-23422 LINUX KERNEL UP TO 7.0-RC2 DPAA2-SWITCH OUT-OF-BOUNDS HISTORYDIFFRELATEJSONXMLCTI CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score 3.4 $0-$5k 0.55+ Summaryinfo A vulnerability labeled as critical has been found in Linux Kernel up to 7.0-rc2. Affected by this issue is some unknown functionality of the component dpaa2-switch. The manipulation results in out-of-bounds. This vulnerability is reported as CVE-2026-23422. No exploit exists. The affected component should be upgraded. Detailsinfo A vulnerability was found in Linux Kernel up to 7.0-rc2. It has been classified as problematic. Affected is an unknown part of the component dpaa2-switch. The manipulation with an unknown input leads to a out-of-bounds vulnerability. CWE is classifying the issue as CWE-125. The product reads data past the end, or before the beginning, of the intended buffer. This is going to have an impact on confidentiality. CVE summarizes: In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler Commit 31a7a0bbeb00 ("dpaa2-switch: add bounds check for if_id in IRQ handler") introduces a range check for if_id to avoid an out-of-bounds access. If an out-of-bounds if_id is detected, the interrupt status is not cleared. This may result in an interrupt storm. Clear the interrupt status after detecting an out-of-bounds if_id to avoid the problem. Found by an experimental AI code review agent at Google. The advisory is shared for download at git.kernel.org. This vulnerability is traded as CVE-2026-23422 since 01/13/2026. There are neither technical details nor an exploit publicly available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 04/03/2026). Upgrading to version 6.1.167, 6.6.130, 6.12.77, 6.18.17, 6.19.7 or 7.0-rc3 eliminates this vulnerability. Applying the patch b5bababe7703a7322bc59b803ab1587887a2a5e4/c7becfe3e604d138bd53b8ac3111b2b3e8ec6b0e/fa4412cdc5178a48799bafcb8af28fd2fbf3d703/00f42ace446f1e4bf84988f2281131f52cd32796/28fd8ac1d49389cb230d712116f54e27ebec11b8/74badb9c20b1a9c02a95c735c6d3cd6121679c93 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version. Productinfo Type Operating System Vendor Linux Name Kernel Version 6.1.166 6.6.129 6.12.0 6.12.1 6.12.2 6.12.3 6.12.4 6.12.5 6.12.6 6.12.7 6.12.8 6.12.9 6.12.10 6.12.11 6.12.12 6.12.13 6.12.14 6.12.15 6.12.16 6.12.17 6.12.18 6.12.19 6.12.20 6.12.21 6.12.22 6.12.23 6.12.24 6.12.25 6.12.26 6.12.27 6.12.28 6.12.29 6.12.30 6.12.31 6.12.32 6.12.33 6.12.34 6.12.35 6.12.36 6.12.37 6.12.38 6.12.39 6.12.40 6.12.41 6.12.42 6.12.43 6.12.44 6.12.45 6.12.46 6.12.47 6.12.48 6.12.49 6.12.50 6.12.51 6.12.52 6.12.53 6.12.54 6.12.55 6.12.56 6.12.57 6.12.58 6.12.59 6.12.60 6.12.61 6.12.62 6.12.63 6.12.64 6.12.65 6.12.66 6.12.67 6.12.68 6.12.69 6.12.70 6.12.71 6.12.72 6.12.73 6.12.74 6.12.75 6.12.76 6.18.0 6.18.1 6.18.2 6.18.3 6.18.4 6.18.5 6.18.6 6.18.7 6.18.8 6.18.9 6.18.10 6.18.11 6.18.12 6.18.13 6.18.14 6.18.15 6.18.16 6.19.0 6.19.1 6.19.2 6.19.3 6.19.4 6.19.5 6.19.6 7.0-rc1 7.0-rc2 License open-source Website Vendor: https://www.kernel.org/ CPE 2.3info 🔒 🔒 🔒 CPE 2.2info 🔒 🔒 🔒 CVSSv4info VulDB Vector: 🔒 VulDB Reliability: 🔍 CVSSv3info VulDB Meta Base Score: 3.5 VulDB Meta Temp Score: 3.4 VulDB Base Score: 3.5 VulDB Temp Score: 3.4 VulDB Vector: 🔒 VulDB Reliability: 🔍 CVSSv2info Vector Complexity Authentication Confidentiality Integrity Availability Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock VulDB Base Score: 🔒 VulDB Temp Score: 🔒 VulDB Reliability: 🔍 Exploitinginfo Class: Out-of-bounds CWE: CWE-125 / CWE-119 CAPEC: 🔒 ATT&CK: 🔒 Physical: No Local: No Remote: Partially Availability: 🔒 Status: Not defined Price Prediction: 🔍 Current Price Estimation: 🔒 0-Day Unlock Unlock Unlock Unlock Today Unlock Unlock Unlock Unlock Threat Intelligenceinfo Interest: 🔍 Active Actors: 🔍 Active APT Groups: 🔍 Countermeasuresinfo Recommended: Upgrade Status: 🔍 0-Day Time: 🔒 Upgrade: Kernel 6.1.167/6.6.130/6.12.77/6.18.17/6.19.7/7.0-rc3 Patch: b5bababe7703a7322bc59b803ab1587887a2a5e4/c7becfe3e604d138bd53b8ac3111b2b3e8ec6b0e/fa4412cdc5178a48799bafcb8af28fd2fbf3d703/00f42ace446f1e4bf84988f2281131f52cd32796/28fd8ac1d49389cb230d712116f54e27ebec11b8/74badb9c20b1a9c02a95c735c6d3cd6121679c93 Timelineinfo 01/13/2026 CVE reserved 04/03/2026 +79 days Advisory disclosed 04/03/2026 +0 days VulDB entry created 04/03/2026 +0 days VulDB entry last update Sourcesinfo Vendor: kernel.org Advisory: git.kernel.org Status: Confirmed CVE: CVE-2026-23422 (🔒) GCVE (CVE): GCVE-0-2026-23422 GCVE (VulDB): GCVE-100-355092 Entryinfo Created: 04/03/2026 17:02 Changes: 04/03/2026 17:02 (58) Complete: 🔍 Cache ID: 99:1A8:101 Discussion No comments yet. Languages: en. Please log in to comment. ◂ PreviousOverviewNext ▸