CVE-2026-43281 — mailbox: Prevent out-of-bounds access in fw_mbox_index_xlate()

AI Predicted 5.5 · Difficulty: Moderate · EPSS 0.12% · P2

Affected Version Matrix 18


I. Basic Information for CVE-2026-43281

Vulnerability Information


Vulnerability Title
mailbox: Prevent out-of-bounds access in fw_mbox_index_xlate()
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: mailbox: Prevent out-of-bounds access in fw_mbox_index_xlate() Although it is guided that `#mbox-cells` must be at least 1, there are many instances of `#mbox-cells = <0>;` in the device tree. If that is the case and the corresponding mailbox controller does not provide `fw_xlate` and `of_xlate` function pointers, `fw_mbox_index_xlate()` will be used by default and out-of-bounds accesses could occur due to lack of bounds check in that function.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel security vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
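Linux kernel is the kernel used by Linux, the open-source operating system of the Linux Foundation (USA). A security vulnerability exists in the Linux kernel, caused by a missing bounds check in the fw_mbox_index_xlate function, which may lead to out-of-bounds access.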
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor | Product | Affected Versions | CPE
Linux | Linux | 2b6d83e2b8b7de82331a6a1dcd64b51020a6031c ~ 2c7ff651ec6b660c7c96a36db9328b3232f555d8 | -
Linux | Linux | 3.18 | -

II. Public POCs for CVE-2026-43281


No public POC found.


III. Intelligence Information for CVE-2026-43281


Patches & Fixes for CVE-2026-43281 (8)

Same Patch Batch · Linux · 2026-05-06 · 224 CVEs total

CVE-2026-43186 · 9.8 CRITICAL · ipv6: ioam: fix heap buffer overflow in __ioam6_fill_trace_data()
CVE-2026-43125 · 9.8 CRITICAL · dlm: validate length in dlm_search_rsb_tree
CVE-2026-43185 · 9.8 CRITICAL · ksmbd: fix signededness bug in smb_direct_prepare_negotiation()
CVE-2026-43208 · 9.8 CRITICAL · net: do not pass flow_id to set_rps_cpu()
CVE-2026-43198 · 9.8 CRITICAL · tcp: fix potential race in tcp_v6_syn_recv_sock()
CVE-2026-43114 · 9.4 CRITICAL · netfilter: nft_set_pipapo_avx2: don't return non-matching entry on expiry
CVE-2026-43117 · 9.1 CRITICAL · btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file()
CVE-2026-43083 · 9.1 CRITICAL · net: ioam6: fix OOB and missing lock
CVE-2026-43197 · 9.1 CRITICAL · netconsole: avoid OOB reads, msg is not nul-terminated
CVE-2026-43187 · 8.8 HIGH · xfs: delete attr leaf freemap entries when empty
CVE-2026-43283 · 8.8 HIGH · net: ethernet: ec_bhf: Fix dma_free_coherent() dma handle
CVE-2026-43215 · 8.8 HIGH · cifs: Fix locking usage for tcon fields
CVE-2026-43176 · 8.8 HIGH · wifi: rtw89: pci: validate release report content before using for RTL8922DE
CVE-2026-43172 · 8.8 HIGH · wifi: iwlwifi: fix 22000 series SMEM parsing
CVE-2026-43113 · 8.8 HIGH · wifi: wl1251: validate packet IDs before indexing tx_frames
CVE-2026-43249 · 8.8 HIGH · 9p/xen: protect xen_9pfs_front_free against concurrent calls
CVE-2026-43239 · 8.8 HIGH · smb: client: prevent races in ->query_interfaces()
CVE-2026-43158 · 8.8 HIGH · xfs: fix freemap adjustments when adding xattrs to leaf blocks
CVE-2026-43112 · 8.8 HIGH · fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath
CVE-2026-43110 · 8.8 HIGH · wifi: brcmfmac: validate bsscfg indices in IF events

Showing top 20 of 224 CVEs.
