Description
In the Linux kernel, the following vulnerability has been resolved:

ntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut

Number of MW LUTs depends on NTB configuration and can be set to zero,
in such scenario rounddown_pow_of_two will cause undefined behaviour and
should not be performed.
This patch ensures that rounddown_pow_of_two is called on valid value.
Published: 2026-05-06
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A shift‑out‑of‑bounds error occurs in the Linux kernel’s NTB switchtec driver when the number of MW Look‑Up Tables (LUTs) is set to zero. The rounddown_pow_of_two function was called with a zero value, which triggers undefined behavior. This can cause a kernel crash or panic, potentially leading to a denial of service.

Affected Systems

The vulnerability affects any Linux system that loads the ntb_hw_switchtec driver and configures the NTB with zero MW LUTs. The exact kernel version range is not specified, so all kernel releases that contain the vulnerable code before the patch are affected.

Risk and Exploitability

Because the flaw is in the kernel, it carries a significant impact if exploitable. The EPSS score of < 1% indicates a very low probability of exploitation, and the vulnerability is not listed in KEV. The most likely attack vector would involve local or physical access to the NTB device, or a compromise that can alter driver configuration. Applying the patch that guards against the zero‑value case mitigates the risk.

Generated by OpenCVE AI on May 14, 2026 at 00:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes the fix for ntb_hw_switchtec, referencing the kernel commits provided in the advisory.
  • If an immediate kernel upgrade is not possible, disable or unload the ntb driver (`rmmod ntb_hw_switchtec`) to prevent use of the vulnerable logic.
  • Monitor kernel logs for messages related to NTB or potential crashes that might indicate an exploitation attempt.

Generated by OpenCVE AI on May 14, 2026 at 00:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4606-1 linux security update
History

Wed, 13 May 2026 23:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-190
CWE-682

Wed, 13 May 2026 21:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H'}

Thu, 07 May 2026 00:15:00 +0000

Type Values Removed Values Added
References

Wed, 06 May 2026 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-190
CWE-682

Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut Number of MW LUTs depends on NTB configuration and can be set to zero, in such scenario rounddown_pow_of_two will cause undefined behaviour and should not be performed. This patch ensures that rounddown_pow_of_two is called on valid value.
Title ntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:18:33.118Z

Reserved: 2026-05-01T14:12:55.989Z

Link: CVE-2026-43141

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-06T12:16:31.493

Modified: 2026-05-13T20:52:24.240

Link: CVE-2026-43141

cve-icon Redhat

Severity :

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43141 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-14T00:30:07Z

Weaknesses