{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23422", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:46.015Z", "datePublished": "2026-04-03T13:24:31.281Z", "dateUpdated": "2026-04-03T13:24:31.281Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-04-03T13:24:31.281Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler\n\nCommit 31a7a0bbeb00 (\"dpaa2-switch: add bounds check for if_id in IRQ\nhandler\") introduces a range check for if_id to avoid an out-of-bounds\naccess. If an out-of-bounds if_id is detected, the interrupt status is\nnot cleared. This may result in an interrupt storm.\n\nClear the interrupt status after detecting an out-of-bounds if_id to avoid\nthe problem.\n\nFound by an experimental AI code review agent at Google."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/freescale/dpaa2/dpaa2-switch.c"], "versions": [{"version": "34b56c16efd61325d80bf1d780d0e176be662f59", "lessThan": "b5bababe7703a7322bc59b803ab1587887a2a5e4", "status": "affected", "versionType": "git"}, {"version": "f89e33c9c37f0001b730e23b3b05ab7b1ecface2", "lessThan": "c7becfe3e604d138bd53b8ac3111b2b3e8ec6b0e", "status": "affected", "versionType": "git"}, {"version": "2447edc367800ba914acf7ddd5d250416b45fb31", "lessThan": "fa4412cdc5178a48799bafcb8af28fd2fbf3d703", "status": "affected", "versionType": "git"}, {"version": "1b381a638e1851d8cfdfe08ed9cdbec5295b18c9", "lessThan": "00f42ace446f1e4bf84988f2281131f52cd32796", "status": "affected", "versionType": "git"}, {"version": "31a7a0bbeb006bac2d9c81a2874825025214b6d8", "lessThan": "28fd8ac1d49389cb230d712116f54e27ebec11b8", "status": "affected", "versionType": "git"}, {"version": "31a7a0bbeb006bac2d9c81a2874825025214b6d8", "lessThan": "74badb9c20b1a9c02a95c735c6d3cd6121679c93", "status": "affected", "versionType": "git"}, {"version": "77611cab5bdfff7a070ae574bbfba20a1de99d1b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/freescale/dpaa2/dpaa2-switch.c"], "versions": [{"version": "6.19", "status": "affected"}, {"version": "0", "lessThan": "6.19", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.167", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.130", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.77", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.163", "versionEndExcluding": "6.1.167"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6.124", "versionEndExcluding": "6.6.130"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12.70", "versionEndExcluding": "6.12.77"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18.10", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.19", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.19", "versionEndExcluding": "7.0-rc3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15.200"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/b5bababe7703a7322bc59b803ab1587887a2a5e4"}, {"url": "https://git.kernel.org/stable/c/c7becfe3e604d138bd53b8ac3111b2b3e8ec6b0e"}, {"url": "https://git.kernel.org/stable/c/fa4412cdc5178a48799bafcb8af28fd2fbf3d703"}, {"url": "https://git.kernel.org/stable/c/00f42ace446f1e4bf84988f2281131f52cd32796"}, {"url": "https://git.kernel.org/stable/c/28fd8ac1d49389cb230d712116f54e27ebec11b8"}, {"url": "https://git.kernel.org/stable/c/74badb9c20b1a9c02a95c735c6d3cd6121679c93"}], "title": "dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler\n\nCommit 31a7a0bbeb00 (\"dpaa2-switch: add bounds check for if_id in IRQ\nhandler\") introduces a range check for if_id to avoid an out-of-bounds\naccess. If an out-of-bounds if_id is detected, the interrupt status is\nnot cleared. This may result in an interrupt storm.\n\nClear the interrupt status after detecting an out-of-bounds if_id to avoid\nthe problem.\n\nFound by an experimental AI code review agent at Google."}], "id": "CVE-2026-23422", "lastModified": "2026-04-03T16:10:23.730", "metrics": {}, "published": "2026-04-03T14:16:28.320", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/00f42ace446f1e4bf84988f2281131f52cd32796"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/28fd8ac1d49389cb230d712116f54e27ebec11b8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/74badb9c20b1a9c02a95c735c6d3cd6121679c93"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b5bababe7703a7322bc59b803ab1587887a2a5e4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c7becfe3e604d138bd53b8ac3111b2b3e8ec6b0e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/fa4412cdc5178a48799bafcb8af28fd2fbf3d703"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"csaw": false, "cwe": "CWE-392", "details": ["A flaw was found in the Linux kernel's dpaa2-switch component. When an out-of-bounds interface identifier (if_id) is detected in the interrupt handler, the interrupt status is not properly cleared. This oversight can lead to an interrupt storm, resulting in a Denial of Service (DoS) condition for the system."], "name": "CVE-2026-23422", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23422\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23422\nhttps://lore.kernel.org/linux-cve-announce/2026040304-CVE-2026-23422-1e6f@gregkh/T"]}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[34b56c16efd61325d80bf1d780d0e176be662f59,b5bababe7703a7322bc59b803ab1587887a2a5e4)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[f89e33c9c37f0001b730e23b3b05ab7b1ecface2,c7becfe3e604d138bd53b8ac3111b2b3e8ec6b0e)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[2447edc367800ba914acf7ddd5d250416b45fb31,fa4412cdc5178a48799bafcb8af28fd2fbf3d703)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1b381a638e1851d8cfdfe08ed9cdbec5295b18c9,00f42ace446f1e4bf84988f2281131f52cd32796)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[31a7a0bbeb006bac2d9c81a2874825025214b6d8,28fd8ac1d49389cb230d712116f54e27ebec11b8)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[31a7a0bbeb006bac2d9c81a2874825025214b6d8,74badb9c20b1a9c02a95c735c6d3cd6121679c93)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "77611cab5bdfff7a070ae574bbfba20a1de99d1b"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.19"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,6.19)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.1.167,6.2.0]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.6.130,6.7.0]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.12.77,6.13.0]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.18.17,6.19.0]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.19.7,6.20.0]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0-rc3,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-03T17:06:26.073438+00:00", "value": {"mitigation_remediation": ["Apply the kernel patch that incorporates commit 31a7a0bbeb00, which adds bounds checking and clears the interrupt status in the dpaa2-switch IRQ handler.", "Upgrade to a kernel version that contains this patch, such as the latest stable release of the Linux kernel.", "Verify that the driver no longer reports repeated DPAA2 IRQ errors and monitor system logs for interrupt storms.", "If a patch is not immediately available, consider disabling dpaa2-switch functionality or the related hardware until the update is applied.", "Contact the Linux distribution maintainer for a backport or advisory relating to this fix."], "summary": {"action": "Patch", "impact": "Interrupt Storm (Denial of Service)"}, "threat_synthesis": {"affected_systems": "The flaw resides in the dpaa2-switch component of the Linux kernel. Both vendor entries list the product as Linux:Linux, and the CPE refers to the generic Linux kernel. No particular kernel version is cited, so any kernel revision that lacks the bounds\u2011check commit (31a7a0bbeb00) and that employs DPAA2 switch hardware may be vulnerable. Users running older kernel releases on platforms that use this driver should verify whether the patch has been integrated.", "description_and_impact": "The dpaa2-switch driver in the Linux kernel performed no bounds checking on the if_id field supplied to its IRQ handler. When an out\u2011of\u2011bounds if_id is processed, the driver fails to clear the interrupt status, which can trigger an unbounded stream of interrupts. This continuous interrupt activity consumes CPU cycles and can bring the affected system to a state of denial\u2011of\u2011service. The issue was addressed by adding a bounds check and clearing the interrupt status whenever an invalid if_id is detected.", "risk_and_exploitability": "The CVSS and EPSS scores are not available, and the vulnerability is not listed in the CISA KEV catalog, indicating that no publicly known exploits exist to date. However, the error can be triggered by providing a malformed if_id, a condition that could be achieved through privileged user\u2011space code or interaction with the associated network controller. Based on the description, it is inferred that an attacker with the ability to influence IRQ handling may cause a sustained interrupt storm, exhausting CPU resources. The overall risk is considered moderate, as the impact is significant but the exploitation prerequisites are non\u2011trivial and no current exploits are documented."}}}}, "created": "2026-04-03T21:14:16.661837+00:00", "updated": "2026-04-03T21:16:32.504864+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"], "weaknesses": ["CWE-20", "CWE-400"]}