2467241 – (CVE-2026-43274) CVE-2026-43274 kernel: mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchp_ipc_get_cluster_aggr_irq()

Bug 2467241 (CVE-2026-43274) - CVE-2026-43274 kernel: mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchp_ipc_get_cluster_aggr_irq()

Summary: CVE-2026-43274 kernel: mailbox: mchp-ipc-sbi: fix out-of-bounds access in mch...

Keywords:
Status:	NEW
Alias:	CVE-2026-43274
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-05-06 13:12 UTC by OSIDB Bzimport
Modified:	2026-05-06 14:05 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-05-06 13:12:36 UTC

In the Linux kernel, the following vulnerability has been resolved:

mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchp_ipc_get_cluster_aggr_irq()

The cluster_cfg array is dynamically allocated to hold per-CPU
configuration structures, with its size based on the number of online
CPUs. Previously, this array was indexed using hartid, which may be
non-contiguous or exceed the bounds of the array, leading to
out-of-bounds access.
Switch to using cpuid as the index, as it is guaranteed to be within
the valid range provided by for_each_online_cpu().

Comment 1 Vipul Nair 2026-05-06 14:00:23 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026050611-CVE-2026-43274-7e15@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.