PatchSiren cyber security CVE debrief
CVE-2026-23422 Linux CVE debrief
The Linux kernel was vulnerable to an interrupt storm due to improper handling of out-of-bounds if_id values in the dpaa2-switch IRQ handler. This issue was resolved by clearing the interrupt status after detecting an out-of-bounds if_id. The vulnerability was addressed through a range check for if_id and clearing the interrupt status when an out-of-bounds value is detected. Affected users should apply patches from Linux kernel stable branches.
- Vendor
- Linux
- Product
- Unknown
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-04-03
- Original CVE updated
- 2026-07-14
- Advisory published
- 2026-04-03
- Advisory updated
- 2026-07-14
Who should care
Users of Linux kernel versions 5.15.200 to 5.15.203, 6.1.163 to 6.1.167, 6.6.124 to 6.6.130, 6.12.70 to 6.12.77, 6.18.10 to 6.18.17, 6.19.1 to 6.19.7, and 7.0 rc1 to rc7 should apply patches to mitigate this vulnerability. This includes operators, platform administrators, vulnerability management teams, and security teams responsible for these Linux kernel versions.
Technical summary
The dpaa2-switch IRQ handler did not properly handle out-of-bounds if_id values, leading to an interrupt storm. The issue was addressed by adding a range check for if_id and clearing the interrupt status when an out-of-bounds value is detected. Multiple Linux kernel versions were affected, including 5.15.200 to 5.15.203, 6.1.163 to 6.1.167, 6.6.124 to 6.6.130, 6.12.70 to 6.12.77, 6.18.10 to 6.18.17, 6.19.1 to 6.19.7, and 7.0 rc1 to rc7. The fix ensures that the interrupt status is cleared after detecting an out-of-bounds if_id to avoid the interrupt storm.
Defensive priority
High
Recommended defensive actions
- Apply patches from Linux kernel stable branches
- Inventory and update affected Linux kernel versions
- Monitor system logs for interrupt storm indicators
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
The CVE record was published on 2026-04-03T14:16:28.320Z and last modified on 2026-07-14T13:18:33.890Z. The NVD entry is currently Modified. This issue was identified through experimental AI code review at Google. The dpaa2-switch IRQ handler did not properly handle out-of-bounds if_id values. Multiple Linux kernel versions were affected, including 5.15.200 to 5.15.203, 6.1.163 to 6.1.167, 6.6.124 to 6.6.130, 6.12.70 to 6.12.77, 6.18.10 to 6.18.17, 6.19.1 to 6.19.7, and 7.0 rc1 to rc7.
Official resources
-
CVE-2026-23422 CVE record
CVE.org
-
CVE-2026-23422 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-04-03T14:16:28.320Z and has not been modified since then. The NVD entry is currently Modified.