PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-23422 Linux CVE debrief

The Linux kernel was vulnerable to an interrupt storm due to improper handling of out-of-bounds if_id values in the dpaa2-switch IRQ handler. This issue was resolved by clearing the interrupt status after detecting an out-of-bounds if_id. The vulnerability was addressed through a range check for if_id and clearing the interrupt status when an out-of-bounds value is detected. Affected users should apply patches from Linux kernel stable branches.

Vendor
Linux
Product
Unknown
CVSS
HIGH 7.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-04-03
Original CVE updated
2026-07-14
Advisory published
2026-04-03
Advisory updated
2026-07-14

Who should care

Users of Linux kernel versions 5.15.200 to 5.15.203, 6.1.163 to 6.1.167, 6.6.124 to 6.6.130, 6.12.70 to 6.12.77, 6.18.10 to 6.18.17, 6.19.1 to 6.19.7, and 7.0 rc1 to rc7 should apply patches to mitigate this vulnerability. This includes operators, platform administrators, vulnerability management teams, and security teams responsible for these Linux kernel versions.

Technical summary

The dpaa2-switch IRQ handler did not properly handle out-of-bounds if_id values, leading to an interrupt storm. The issue was addressed by adding a range check for if_id and clearing the interrupt status when an out-of-bounds value is detected. Multiple Linux kernel versions were affected, including 5.15.200 to 5.15.203, 6.1.163 to 6.1.167, 6.6.124 to 6.6.130, 6.12.70 to 6.12.77, 6.18.10 to 6.18.17, 6.19.1 to 6.19.7, and 7.0 rc1 to rc7. The fix ensures that the interrupt status is cleared after detecting an out-of-bounds if_id to avoid the interrupt storm.

Defensive priority

High

Recommended defensive actions

  • Apply patches from Linux kernel stable branches
  • Inventory and update affected Linux kernel versions
  • Monitor system logs for interrupt storm indicators
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up

Evidence notes

The CVE record was published on 2026-04-03T14:16:28.320Z and last modified on 2026-07-14T13:18:33.890Z. The NVD entry is currently Modified. This issue was identified through experimental AI code review at Google. The dpaa2-switch IRQ handler did not properly handle out-of-bounds if_id values. Multiple Linux kernel versions were affected, including 5.15.200 to 5.15.203, 6.1.163 to 6.1.167, 6.6.124 to 6.6.130, 6.12.70 to 6.12.77, 6.18.10 to 6.18.17, 6.19.1 to 6.19.7, and 7.0 rc1 to rc7.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-04-03T14:16:28.320Z and has not been modified since then. The NVD entry is currently Modified.