Description
In the Linux kernel, the following vulnerability has been resolved:

ntb: ntb_hw_switchtec: Fix array-index-out-of-bounds access

Number of MW LUTs depends on NTB configuration and can be set to MAX_MWS.
This patch protects against invalid index out of bounds access to mw_sizes.
On invalid access, print a message to the user that the configuration is not valid.
Published: 2026-05-06
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The ntb_hw_switchtec driver in the Linux kernel contained an array-index-out-of-bounds issue that arises when the number of MW (memory window) LUTs derived from an NTB configuration exceeds the bounds of the mw_sizes array. Prior to the patch, an out-of-bounds access could read or write kernel memory beyond its allocated boundary, potentially leading to unintended kernel behavior or instability. The commit adds a bounds check and refuses the invalid configuration, emitting a warning that the configuration is not valid.

Affected Systems

All Linux kernel builds that include the ntb_hw_switchtec driver and have not incorporated the patch commit are affected. No specific kernel release is identified, so any kernel version prior to the inclusion of the bounds check is at risk. The generic CPE indicates the Linux kernel, and the vendor product list only references Linux kernels in general.

Risk and Exploitability

EPSS is not available, and the vulnerability is not listed in the CISA KEV catalog. No CVSS score is provided. The likely attack vector is an invalid NTB configuration supplied by a device connected to the NTB interface, which may be feasible from an untrusted source. Because the failure mode is an out-of-bounds access in kernel space, an attacker could theoretically destabilise the kernel, causing a denial‑of‑service or other impacts. No public exploit has been reported at this time.

Generated by OpenCVE AI on May 7, 2026 at 02:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version containing the ntb_hw_switchtec array-index-out-of-bounds patch
  • If an immediate kernel upgrade is not feasible, ensure that NTB devices use only valid configurations as documented and consider disabling the ntb_hw_switchtec driver on untrusted systems
  • Monitor system logs for the warning emitted by the driver and treat any occurrence as a potential configuration issue or integrity flag

Advisories

No advisories yet.

History

Thu, 07 May 2026 00:15:00 +0000


Wed, 06 May 2026 17:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | | CWE-129 |

Wed, 06 May 2026 12:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | In the Linux kernel, the following vulnerability has been resolved: ntb: ntb_hw_switchtec: Fix array-index-out-of-bounds access Number of MW LUTs depends on NTB configuration and can be set to MAX_MWS, This patch protects against invalid index out of bounds access to mw_sizes When invalid access print message to user that configuration is not valid. |
| Title | | ntb: ntb_hw_switchtec: Fix array-index-out-of-bounds access |
| First Time appeared | | Linux, Linux linux Kernel |
| CPEs | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Vendors & Products | | Linux, Linux linux Kernel |
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-06T11:28:34.927Z

Reserved: 2026-05-01T14:12:55.995Z

Link: CVE-2026-43241

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-06T12:16:44.460

Modified: 2026-05-06T13:07:51.607

Link: CVE-2026-43241

Redhat

Severity:

Public Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43241 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-07T02:45:06Z

Weaknesses