CVE-2026-23422 - Vulnerability Details

- dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler

Description

In the Linux kernel, the following vulnerability has been resolved:

dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler

Commit 31a7a0bbeb00 ("dpaa2-switch: add bounds check for if_id in IRQ
handler") introduces a range check for if_id to avoid an out-of-bounds
access. If an out-of-bounds if_id is detected, the interrupt status is
not cleared. This may result in an interrupt storm.

Clear the interrupt status after detecting an out-of-bounds if_id to avoid
the problem.

Found by an experimental AI code review agent at Google.

Published: 2026-04-03

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The dpaa2-switch driver in the Linux kernel had an out‑of‑bounds check for interface identifiers in its interrupt handler. When a boundary violation was detected, the interrupt status was not cleared, leading to repeated spurious interrupts, known as an interrupt storm. This can exhaust CPU resources, degrade performance, or render the system unresponsive, effectively a denial‑of‑service condition. The underlying weakness is captured by CWE‑392, Unchecked Input Leading to Out‑of‑Bounds Access.

Affected Systems

Linux kernel systems that include the dpaa2‑switch driver are affected. The flaw existed in kernel releases prior to the inclusion of commit 31a7a0bbeb00, which added a bounds check and corrected the interrupt handling. Specific kernel version ranges are not listed, so any kernel build that has not integrated this commit should be considered vulnerable.

Risk and Exploitability

The exploitability is low, as indicated by an EPSS score of less than 1 %, and the vulnerability is not listed in the CISA KEV catalog. Nonetheless, an attacker who can trigger a bad interface identifier—most likely through malformed network traffic to the affected device—could initiate an interrupt storm and cause service disruption. The risk is therefore primarily a local denial‑of‑service, but remote exploitation via network traffic is plausible given the nature of the driver.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`34b56c16efd61325d80bf1d780d0e176be662f59`	affected	< b5bababe7703a7322bc59b803ab1587887a2a5e4
`f89e33c9c37f0001b730e23b3b05ab7b1ecface2`	affected	< c7becfe3e604d138bd53b8ac3111b2b3e8ec6b0e
`2447edc367800ba914acf7ddd5d250416b45fb31`	affected	< fa4412cdc5178a48799bafcb8af28fd2fbf3d703
`1b381a638e1851d8cfdfe08ed9cdbec5295b18c9`	affected	< 00f42ace446f1e4bf84988f2281131f52cd32796
`31a7a0bbeb006bac2d9c81a2874825025214b6d8`	affected	< 28fd8ac1d49389cb230d712116f54e27ebec11b8
`31a7a0bbeb006bac2d9c81a2874825025214b6d8`	affected	< 74badb9c20b1a9c02a95c735c6d3cd6121679c93
`77611cab5bdfff7a070ae574bbfba20a1de99d1b`	affected	—

Linux

affected

Version	Status	Constraints
`6.19`	affected	—
`0`	unaffected	< 6.19
`6.1.167`	unaffected	≤ 6.1.*
`6.6.130`	unaffected	≤ 6.6.*
`6.12.77`	unaffected	≤ 6.12.*
`6.18.17`	unaffected	≤ 6.18.*
`6.19.7`	unaffected	≤ 6.19.*
`7.0-rc3`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[34b56c16efd61325d80bf1d780d0e176be662f59,b5bababe7703a7322bc59b803ab1587887a2a5e4)`	affected	code_commit	—
`[f89e33c9c37f0001b730e23b3b05ab7b1ecface2,c7becfe3e604d138bd53b8ac3111b2b3e8ec6b0e)`	affected	code_commit	—
`[2447edc367800ba914acf7ddd5d250416b45fb31,fa4412cdc5178a48799bafcb8af28fd2fbf3d703)`	affected	code_commit	—
`[1b381a638e1851d8cfdfe08ed9cdbec5295b18c9,00f42ace446f1e4bf84988f2281131f52cd32796)`	affected	code_commit	—
`[31a7a0bbeb006bac2d9c81a2874825025214b6d8,28fd8ac1d49389cb230d712116f54e27ebec11b8)`	affected	code_commit	—
`[31a7a0bbeb006bac2d9c81a2874825025214b6d8,74badb9c20b1a9c02a95c735c6d3cd6121679c93)`	affected	code_commit	—
`77611cab5bdfff7a070ae574bbfba20a1de99d1b`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.19`	affected	generic	—
`[0,6.19)`	unaffected	generic	—
`[6.1.167,6.2.0]`	unaffected	generic	—
`[6.6.130,6.7.0]`	unaffected	generic	—
`[6.12.77,6.13.0]`	unaffected	generic	—
`[6.18.17,6.19.0]`	unaffected	generic	—
`[6.19.7,6.20.0]`	unaffected	generic	—
`[7.0-rc3,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply kernel updates that include commit 31a7a0bbeb00 or later.
Rebuild the kernel with the updated dpaa2‑switch module if using a custom kernel.
If an upgrade is not immediately possible, disable the dpaa2‑switch driver or uninstall the affected device driver to prevent the interrupt storm.
Verify that the interrupt status is cleared for all if_id values by inspecting relevant kernel logs after the update.

Generated by OpenCVE AI on April 7, 2026 at 09:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00024.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/00f42ace446f1e4bf84988f2281131f52cd32796
https://git.kernel.org/stable/c/28fd8ac1d49389cb230d712116f54e27ebec11b8
https://git.kernel.org/stable/c/74badb9c20b1a9c02a95c735c6d3cd6121679c93
https://git.kernel.org/stable/c/b5bababe7703a7322bc59b803ab1587887a2a5e4
https://git.kernel.org/stable/c/c7becfe3e604d138bd53b8ac3111b2b3e8ec6b0e
https://git.kernel.org/stable/c/fa4412cdc5178a48799bafcb8af28fd2fbf3d703
https://lore.kernel.org/linux-cve-announce/2026040304-CVE-2026-23422-1e6f@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-23422
https://www.cve.org/CVERecord?id=CVE-2026-23422

History

Tue, 07 Apr 2026 08:00:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-20 CWE-400

Sat, 04 Apr 2026 01:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-392
References		https://lore.kernel.org/linux-cve-announce/2026040304-CVE-2026-23422-1e6f@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-23422 https://www.cve.org/CVERecord?id=CVE-2026-23422

Fri, 03 Apr 2026 21:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-20 CWE-400

Fri, 03 Apr 2026 14:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler Commit 31a7a0bbeb00 ("dpaa2-switch: add bounds check for if_id in IRQ handler") introduces a range check for if_id to avoid an out-of-bounds access. If an out-of-bounds if_id is detected, the interrupt status is not cleared. This may result in an interrupt storm. Clear the interrupt status after detecting an out-of-bounds if_id to avoid the problem. Found by an experimental AI code review agent at Google.
Title		dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/00f42ace446f1e4bf84988f2281131f52cd32796 https://git.kernel.org/stable/c/28fd8ac1d49389cb230d712116f54e27ebec11b8 https://git.kernel.org/stable/c/74badb9c20b1a9c02a95c735c6d3cd6121679c93 https://git.kernel.org/stable/c/b5bababe7703a7322bc59b803ab1587887a2a5e4 https://git.kernel.org/stable/c/c7becfe3e604d138bd53b8ac3111b2b3e8ec6b0e https://git.kernel.org/stable/c/fa4412cdc5178a48799bafcb8af28fd2fbf3d703

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-04-03T13:24:31.281Z

Updated: 2026-04-03T13:24:31.281Z

Reserved: 2026-01-13T15:37:46.015Z

Link: CVE-2026-23422

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-04-03T14:16:28.320

Modified: 2026-04-03T16:10:23.730

Link: CVE-2026-23422

Redhat

Severity :

Publid Date: 2026-04-03T00:00:00Z

Links: CVE-2026-23422 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-08T19:54:15Z

Weaknesses

CWE-392

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object