CVE-2026-23180

Feb. 14, 2026, 5:15 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: add bounds check for if_id in IRQ handler The IRQ handler extracts if_id from the upper 16 bits of the hardware status register and uses it to index into ethsw->ports[] without validation. Since if_id can be any 16-bit value (0-65535) but the ports array is only allocated with sw_attr.num_ifs elements, this can lead to an out-of-bounds read potentially. Add a bounds check before accessing the array, consistent with the existing validation in dpaa2_switch_rx().

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /

References

https://git.kernel.org/stable/c/1b381a638e1851d8cfdfe08ed9cdbec5295b18c9
https://git.kernel.org/stable/c/2447edc367800ba914acf7ddd5d250416b45fb31
https://git.kernel.org/stable/c/31a7a0bbeb006bac2d9c81a2874825025214b6d8
https://git.kernel.org/stable/c/34b56c16efd61325d80bf1d780d0e176be662f59
https://git.kernel.org/stable/c/77611cab5bdfff7a070ae574bbfba20a1de99d1b
https://git.kernel.org/stable/c/f89e33c9c37f0001b730e23b3b05ab7b1ecface2

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2026-02-14
CVE-2026-23180

Timeline

Published: Feb. 14, 2026, 5:15 p.m.
Last Modified: Feb. 14, 2026, 5:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.