CVE-2026-23422
Published: 03 April 2026
Summary
CVE-2026-23422 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in the Linux kernel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It ranks at the 4.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as Other Platforms; in the Other ATLAS/OWASP Terms risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-11 (Error Handling).
Deeper analysis
CVE-2026-23422 affects the Linux kernel's dpaa2-switch component. A previous commit added a bounds check for the if_id parameter in the IRQ handler to prevent out-of-bounds access (CWE-787), but it did not clear the interrupt status upon detecting an invalid if_id. This oversight can trigger an interrupt storm, consuming excessive CPU resources and potentially leading to denial of service.
The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating it can be exploited by a local attacker with low privileges, requiring low complexity and no user interaction. Exploitation involves triggering the IRQ handler with an out-of-bounds if_id, resulting in high impacts to confidentiality, integrity, and availability due to the resulting system instability from the interrupt storm.
Kernel stable commit references, such as https://git.kernel.org/stable/c/00f42ace446f1e4bf84988f2281131f52cd32796 and others listed, provide the fix by clearing the interrupt status after detecting an out-of-bounds if_id, thereby preventing the storm. Security practitioners should update to patched kernel versions incorporating these commits.
This issue was identified by an experimental AI code review agent at Google, highlighting AI's role in kernel security reviews; no real-world exploitation has been reported.
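The failure mode described above can be reproduced in a small user-space model. This is an added example, not the dpaa2-switch driver's code: `sim_dev`, `sim_irq_handler`, `sim_deliver`, `NUM_PORTS` and `MAX_REDELIVER` are hypothetical names, and the model assumes the interrupt is redelivered for as long as the device's status bits remain set.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_PORTS     4u     /* hypothetical number of switch interfaces */
#define MAX_REDELIVER 1000u  /* cap so the simulated storm terminates */

/* Simulated device: the IRQ line stays asserted while status != 0. */
struct sim_dev {
    uint32_t status;   /* pending-event bits, acknowledged by the handler */
    uint32_t if_id;    /* interface index reported with the event */
    unsigned handled;  /* events processed for an in-range interface */
};

/* Handler with the if_id range check; clear_on_bad_id selects whether the
 * rejection path acknowledges the interrupt (true) or not (false). */
static void sim_irq_handler(struct sim_dev *d, bool clear_on_bad_id)
{
    uint32_t status = d->status;

    if (d->if_id >= NUM_PORTS) {       /* bounds check rejects bad if_id */
        if (clear_on_bad_id)
            d->status &= ~status;      /* acknowledge before returning */
        return;                        /* without the clear, status stays set */
    }
    d->handled++;                      /* normal per-port processing */
    d->status &= ~status;              /* normal path always acknowledges */
}

/* Redeliver until the line deasserts; returns how often the handler ran. */
unsigned sim_deliver(uint32_t if_id, bool clear_on_bad_id)
{
    struct sim_dev d = { .status = 0x1, .if_id = if_id, .handled = 0 };
    unsigned calls = 0;

    while (d.status != 0 && calls < MAX_REDELIVER) {
        sim_irq_handler(&d, clear_on_bad_id);
        calls++;
    }
    return calls;
}

int main(void)
{
    printf("valid if_id:           %u call(s)\n", sim_deliver(2, false));
    printf("bad if_id, no clear:   %u call(s)\n", sim_deliver(9, false));
    printf("bad if_id, with clear: %u call(s)\n", sim_deliver(9, true));
    return 0;
}
```

In the model, only the rejected-and-unacknowledged case runs until the cap, which is the storm the fix removes.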
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-18641
Vulnerability details
In the Linux kernel, the following vulnerability has been resolved:

dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler

Commit 31a7a0bbeb00 ("dpaa2-switch: add bounds check for if_id in IRQ handler") introduces a range check for if_id to avoid an out-of-bounds access. If an out-of-bounds if_id is detected, the interrupt status is not cleared. This may result in an interrupt storm. Clear the interrupt status after detecting an out-of-bounds if_id to avoid the problem.

Found by an experimental AI code review agent at Google.
AI Security Analysis
- AI Category: Other Platforms
- Risk Domain: Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: ai
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Local kernel IRQ handler flaw directly enables exploitation for privilege escalation (T1068) and system DoS via interrupt storm (T1499.004).
Mitigating Controls (NIST 800-53 r5)
Directly mitigates the vulnerability by requiring timely remediation of the kernel flaw through patching to clear interrupt status on out-of-bounds if_id, preventing interrupt storms.
Ensures proper error handling in the IRQ handler for invalid if_id by clearing interrupt status, avoiding resource exhaustion from repeated interrupts.
Protects system availability against denial-of-service from interrupt storms triggered by malformed if_id inputs in the dpaa2-switch driver.