Out-of-Bounds Access Vulnerability in Linux Kernel Affecting Multiple Products
CVE-2026-43274

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 6 May 2026

What is CVE-2026-43274?

An out-of-bounds access vulnerability was found in the Linux kernel's mchp_ipc_get_cluster_aggr_irq function. The issue arises from the cluster_cfg array being indexed incorrectly using hartid, which can be non-contiguous. This can lead to accessing memory locations beyond the allocated bounds. The vulnerability has been addressed by changing the indexing to cpuid, ensuring that it remains within a valid range, thereby enhancing the kernel's security.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 95438699c92947155823dcd3918049a07f3cd867

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0442b6229e2eedc95a6d3d18ce75dec7f5b5377c

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

References

https://git.kernel.org/stable/c/95438699c92947155823dcd39...

https://git.kernel.org/stable/c/0442b6229e2eedc95a6d3d18c...

https://git.kernel.org/stable/c/f7c330a8c83c9b0332fd52409...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43274 Data

JSON