Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-43141— ntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut

AI Predicted 5.5 Difficulty: Moderate EPSS 0.13% · P3

Possible ATT&CK Techniques 1AI

T1203 · Exploitation for Client Execution

Affected Version Matrix 18

VendorProductVersion RangeStatus
LinuxLinuxec0467ccbdeb69a86c8729073057bda7bce00eec< d652ef399f131fcd5f8f34266167449ee7c9e5b3affected
ec0467ccbdeb69a86c8729073057bda7bce00eec< 5590cd04d6845c01a6bad985a491c58af6fb5389affected
ec0467ccbdeb69a86c8729073057bda7bce00eec< a11d03d116eef138a7249202bd772c8e61915aecaffected
ec0467ccbdeb69a86c8729073057bda7bce00eec< d0559d07afabfddaaded6a61a16154486b956764affected
ec0467ccbdeb69a86c8729073057bda7bce00eec< 2e4d5e8d86a969318340be95470bb76e52392082affected
ec0467ccbdeb69a86c8729073057bda7bce00eec< a133e3caf844a3f56b6eef89ddaa66115874f6bdaffected
ec0467ccbdeb69a86c8729073057bda7bce00eec< 1a867d0d79a4a570a33f2f433919ad2bd7a27b67affected
ec0467ccbdeb69a86c8729073057bda7bce00eec< 186615f8855a0be4ee7d3fcd09a8ecc10e783b08affected
… +10 more rows
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-43141

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
ntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: ntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut Number of MW LUTs depends on NTB configuration and can be set to zero, in such scenario rounddown_pow_of_two will cause undefined behaviour and should not be performed. This patch ensures that rounddown_pow_of_two is called on valid value.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于ntb_hw_switchtec驱动中当MW LUT数量为零时rounddown_pow_of_two函数导致移位越界。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux ec0467ccbdeb69a86c8729073057bda7bce00eec ~ d652ef399f131fcd5f8f34266167449ee7c9e5b3 -
LinuxLinux 4.15 -

II. Public POCs for CVE-2026-43141

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-43141

登录查看更多情报信息。

Patches & Fixes for CVE-2026-43141 (8)

Same Patch Batch · Linux · 2026-05-06 · 224 CVEs total

CVE-2026-432089.8 CRITICALnet: do not pass flow_id to set_rps_cpu()
CVE-2026-431259.8 CRITICALdlm: validate length in dlm_search_rsb_tree
CVE-2026-431989.8 CRITICALtcp: fix potential race in tcp_v6_syn_recv_sock()
CVE-2026-431869.8 CRITICALipv6: ioam: fix heap buffer overflow in __ioam6_fill_trace_data()
CVE-2026-431859.8 CRITICALksmbd: fix signededness bug in smb_direct_prepare_negotiation()
CVE-2026-431149.4 CRITICALnetfilter: nft_set_pipapo_avx2: don't return non-matching entry on expiry
CVE-2026-431979.1 CRITICALnetconsole: avoid OOB reads, msg is not nul-terminated
CVE-2026-431179.1 CRITICALbtrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file()
CVE-2026-430839.1 CRITICALnet: ioam6: fix OOB and missing lock
CVE-2026-432158.8 HIGHcifs: Fix locking usage for tcon fields
CVE-2026-432328.8 HIGHnet: wan: farsync: Fix use-after-free bugs caused by unfinished tasklets
CVE-2026-431728.8 HIGHwifi: iwlwifi: fix 22000 series SMEM parsing
CVE-2026-432838.8 HIGHnet: ethernet: ec_bhf: Fix dma_free_coherent() dma handle
CVE-2026-431768.8 HIGHwifi: rtw89: pci: validate release report content before using for RTL8922DE
CVE-2026-431138.8 HIGHwifi: wl1251: validate packet IDs before indexing tx_frames
CVE-2026-431128.8 HIGHfs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath
CVE-2026-431108.8 HIGHwifi: brcmfmac: validate bsscfg indices in IF events
CVE-2026-432498.8 HIGH9p/xen: protect xen_9pfs_front_free against concurrent calls
CVE-2026-432398.8 HIGHsmb: client: prevent races in ->query_interfaces()
CVE-2026-431878.8 HIGHxfs: delete attr leaf freemap entries when empty

Showing top 20 of 224 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

V. Comments for CVE-2026-43141

No comments yet


Leave a comment