CVE-2026-43274

mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchp_ipc_get_cluster_aggr_irq()

Assigner: Linux
Reserved: 01.05.2026 Published: 06.05.2026 Updated: 06.05.2026

In the Linux kernel, the following vulnerability has been resolved:

mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchp_ipc_get_cluster_aggr_irq()

The cluster_cfg array is dynamically allocated to hold per-CPU configuration structures, with its size based on the number of online CPUs. Previously, this array was indexed using hartid, which may be non-contiguous or exceed the bounds of the array, leading to out-of-bounds access. Switch to using cpuid as the index, as it is guaranteed to be within the valid range provided by for_each_online_cpu().

Product Status

Vendor	Linux
Product	Linux
Versions	Default: unaffected affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 95438699c92947155823dcd3918049a07f3cd867 (excl.) affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 0442b6229e2eedc95a6d3d18ce75dec7f5b5377c (excl.) affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to f7c330a8c83c9b0332fd524097eaf3e69148164d (excl.)

Vendor

Linux

Product

Linux

Versions

Default: unaffected

affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 95438699c92947155823dcd3918049a07f3cd867 (excl.)
affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 0442b6229e2eedc95a6d3d18ce75dec7f5b5377c (excl.)
affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to f7c330a8c83c9b0332fd524097eaf3e69148164d (excl.)

Vendor	Linux
Product	Linux
Versions	Default: affected unaffected from 6.18.16 to 6.18.* (incl.) unaffected from 6.19.6 to 6.19.* (incl.) unaffected from 7.0 to * (incl.)

Vendor

Linux

Product

Linux

Versions

Default: affected

unaffected from 6.18.16 to 6.18.* (incl.)
unaffected from 6.19.6 to 6.19.* (incl.)
unaffected from 7.0 to * (incl.)

References

CVE-2026-43274 PUBLISHED

mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchp_ipc_get_cluster_aggr_irq()

Product Status

References