{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23422", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:46.015Z", "datePublished": "2026-04-03T13:24:31.281Z", "dateUpdated": "2026-05-11T22:06:36.058Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:06:36.058Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler\n\nCommit 31a7a0bbeb00 (\"dpaa2-switch: add bounds check for if_id in IRQ\nhandler\") introduces a range check for if_id to avoid an out-of-bounds\naccess. If an out-of-bounds if_id is detected, the interrupt status is\nnot cleared. This may result in an interrupt storm.\n\nClear the interrupt status after detecting an out-of-bounds if_id to avoid\nthe problem.\n\nFound by an experimental AI code review agent at Google."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/freescale/dpaa2/dpaa2-switch.c"], "versions": [{"version": "77611cab5bdfff7a070ae574bbfba20a1de99d1b", "lessThan": "7def51cb9fb8b8d5342443372b8cf28d8fbd7f3d", "status": "affected", "versionType": "git"}, {"version": "34b56c16efd61325d80bf1d780d0e176be662f59", "lessThan": "b5bababe7703a7322bc59b803ab1587887a2a5e4", "status": "affected", "versionType": "git"}, {"version": "f89e33c9c37f0001b730e23b3b05ab7b1ecface2", "lessThan": "c7becfe3e604d138bd53b8ac3111b2b3e8ec6b0e", "status": "affected", "versionType": "git"}, {"version": "2447edc367800ba914acf7ddd5d250416b45fb31", "lessThan": "fa4412cdc5178a48799bafcb8af28fd2fbf3d703", "status": "affected", "versionType": "git"}, {"version": "1b381a638e1851d8cfdfe08ed9cdbec5295b18c9", "lessThan": "00f42ace446f1e4bf84988f2281131f52cd32796", "status": "affected", "versionType": "git"}, {"version": "31a7a0bbeb006bac2d9c81a2874825025214b6d8", "lessThan": "28fd8ac1d49389cb230d712116f54e27ebec11b8", "status": "affected", "versionType": "git"}, {"version": "31a7a0bbeb006bac2d9c81a2874825025214b6d8", "lessThan": "74badb9c20b1a9c02a95c735c6d3cd6121679c93", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/freescale/dpaa2/dpaa2-switch.c"], "versions": [{"version": "6.19", "status": "affected"}, {"version": "0", "lessThan": "6.19", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.203", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.167", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.130", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.77", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15.200", "versionEndExcluding": "5.15.203"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.163", "versionEndExcluding": "6.1.167"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6.124", "versionEndExcluding": "6.6.130"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12.70", "versionEndExcluding": "6.12.77"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18.10", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.19", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.19", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/7def51cb9fb8b8d5342443372b8cf28d8fbd7f3d"}, {"url": "https://git.kernel.org/stable/c/b5bababe7703a7322bc59b803ab1587887a2a5e4"}, {"url": "https://git.kernel.org/stable/c/c7becfe3e604d138bd53b8ac3111b2b3e8ec6b0e"}, {"url": "https://git.kernel.org/stable/c/fa4412cdc5178a48799bafcb8af28fd2fbf3d703"}, {"url": "https://git.kernel.org/stable/c/00f42ace446f1e4bf84988f2281131f52cd32796"}, {"url": "https://git.kernel.org/stable/c/28fd8ac1d49389cb230d712116f54e27ebec11b8"}, {"url": "https://git.kernel.org/stable/c/74badb9c20b1a9c02a95c735c6d3cd6121679c93"}], "title": "dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "63DFD51E-A9F5-4387-ABA4-525154CD3972", "versionEndExcluding": "5.15.203", "versionStartIncluding": "5.15.200", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "73CD421D-F2A3-4142-A9A2-47683BB9ABD4", "versionEndExcluding": "6.1.167", "versionStartIncluding": "6.1.163", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C1C9B72D-1F0E-488D-AE95-ADE16C092AF0", "versionEndExcluding": "6.6.130", "versionStartIncluding": "6.6.124", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "15DA5431-2634-4814-9C20-456B79A8EBBF", "versionEndExcluding": "6.12.77", "versionStartIncluding": "6.12.70", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8AAEDCA3-6D4E-4846-979A-3E28B6C95113", "versionEndExcluding": "6.18.17", "versionStartIncluding": "6.18.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8ACF56ED-6FE0-41DE-BECE-41134CC7BD44", "versionEndExcluding": "6.19.7", "versionStartIncluding": "6.19.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:-:*:*:*:*:*:*", "matchCriteriaId": "35C8A871-4971-433E-A046-FC9F7B7D190A", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F666C8D8-6538-46D4-B318-87610DE64C34", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "02259FDA-961B-47BC-AE7F-93D7EC6E90C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "58A9FEFF-C040-420D-8F0A-BFDAAA1DF258", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "1D2315C0-D46F-4F85-9754-F9E5E11374A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "512EE3A8-A590-4501-9A94-5D4B268D6138", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler\n\nCommit 31a7a0bbeb00 (\"dpaa2-switch: add bounds check for if_id in IRQ\nhandler\") introduces a range check for if_id to avoid an out-of-bounds\naccess. If an out-of-bounds if_id is detected, the interrupt status is\nnot cleared. This may result in an interrupt storm.\n\nClear the interrupt status after detecting an out-of-bounds if_id to avoid\nthe problem.\n\nFound by an experimental AI code review agent at Google."}], "id": "CVE-2026-23422", "lastModified": "2026-04-24T15:21:10.057", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-03T14:16:28.320", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/00f42ace446f1e4bf84988f2281131f52cd32796"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/28fd8ac1d49389cb230d712116f54e27ebec11b8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/74badb9c20b1a9c02a95c735c6d3cd6121679c93"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7def51cb9fb8b8d5342443372b8cf28d8fbd7f3d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b5bababe7703a7322bc59b803ab1587887a2a5e4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c7becfe3e604d138bd53b8ac3111b2b3e8ec6b0e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fa4412cdc5178a48799bafcb8af28fd2fbf3d703"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"csaw": false, "cwe": "CWE-392", "details": ["A flaw was found in the Linux kernel's dpaa2-switch component. When an out-of-bounds interface identifier (if_id) is detected in the interrupt handler, the interrupt status is not properly cleared. This oversight can lead to an interrupt storm, resulting in a Denial of Service (DoS) condition for the system."], "name": "CVE-2026-23422", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23422\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23422\nhttps://lore.kernel.org/linux-cve-announce/2026040304-CVE-2026-23422-1e6f@gregkh/T"]}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[34b56c16efd61325d80bf1d780d0e176be662f59,b5bababe7703a7322bc59b803ab1587887a2a5e4)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[f89e33c9c37f0001b730e23b3b05ab7b1ecface2,c7becfe3e604d138bd53b8ac3111b2b3e8ec6b0e)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[2447edc367800ba914acf7ddd5d250416b45fb31,fa4412cdc5178a48799bafcb8af28fd2fbf3d703)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1b381a638e1851d8cfdfe08ed9cdbec5295b18c9,00f42ace446f1e4bf84988f2281131f52cd32796)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[31a7a0bbeb006bac2d9c81a2874825025214b6d8,28fd8ac1d49389cb230d712116f54e27ebec11b8)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[31a7a0bbeb006bac2d9c81a2874825025214b6d8,74badb9c20b1a9c02a95c735c6d3cd6121679c93)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "77611cab5bdfff7a070ae574bbfba20a1de99d1b"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.19"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,6.19)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.1.167,6.2.0]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.6.130,6.7.0]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.12.77,6.13.0]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.18.17,6.19.0]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.19.7,6.20.0]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0-rc3,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-28T21:51:36.729217+00:00", "value": {"mitigation_remediation": ["Apply kernel updates that include commit 31a7a0bbeb00 or later.", "Rebuild the kernel with the updated dpaa2\u2011switch module if using a custom kernel.", "If an upgrade is not immediately possible, disable the dpaa2\u2011switch driver or uninstall the affected device driver to prevent the interrupt storm.", "Verify that the interrupt status is cleared for all if_id values by inspecting relevant kernel logs after the update."], "summary": {"action": "Patch Now", "impact": "Interrupt Storm causing potential DoS"}, "threat_synthesis": {"affected_systems": "Linux kernel systems that include the dpaa2\u2011switch driver are affected. The flaw existed in kernel releases prior to the inclusion of commit 31a7a0bbeb00, which added a bounds check and corrected the interrupt handling. Specific kernel version ranges are not listed, so any kernel build that has not integrated this commit should be considered vulnerable.", "description_and_impact": "The dpaa2-switch driver in the Linux kernel had an out\u2011of\u2011bounds check for interface identifiers in its interrupt handler. When a boundary violation was detected, the interrupt status was not cleared, leading to repeated spurious interrupts, known as an interrupt storm. This can exhaust CPU resources, degrade performance, or render the system unresponsive, effectively a denial\u2011of\u2011service condition. The underlying weakness is captured by CWE\u2011392, Unchecked Input Leading to Out\u2011of\u2011Bounds Access.", "risk_and_exploitability": "The exploitability is low, as indicated by an EPSS score of less than 1\u202f%, and the vulnerability is not listed in the CISA KEV catalog. The CVSS score of 7.8 indicates high severity. Nonetheless, an attacker who can trigger a bad interface identifier\u2014most likely through malformed network traffic to the affected device\u2014could initiate an interrupt storm and cause service disruption. The risk is therefore primarily a local denial\u2011of\u2011service, but remote exploitation via network traffic is plausible given the nature of the driver."}}}}, "created": "2026-04-03T21:14:16.661837+00:00", "updated": "2026-04-28T22:00:14.126886+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}