{"id":"CVE-2026-43281","summary":"mailbox: Prevent out-of-bounds access in fw_mbox_index_xlate()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nmailbox: Prevent out-of-bounds access in fw_mbox_index_xlate()\n\nAlthough it is guided that `#mbox-cells` must be at least 1, there are\nmany instances of `#mbox-cells = \u003c0\u003e;` in the device tree. If that is\nthe case and the corresponding mailbox controller does not provide\n`fw_xlate` and of_xlate` function pointers, `fw_mbox_index_xlate()` will\nbe used by default and out-of-bounds accesses could occur due to lack of\nbounds check in that function.","modified":"2026-05-28T03:52:44.013145224Z","published":"2026-05-06T11:29:02.278Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43281.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/01d9a8c2615d436b2b30c19c1afe9fcd5726ff6d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2662ed331a69c0b551f78af58f12eb629a89a36f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/31c4c67dec3362094a6747a171a4848e98542265"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4caae8168d1b808c7d4ff481295292e3f97f90fb"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f50b39fd7c72a8734153644ee945ca0d8b2e65ab"},{"type":"WEB","url":"https://git.kernel.org/stable/c/fcd7f96c783626c07ee3ed75fa3739a8a2052310"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43281.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43281"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"2b6d83e2b8b7de82331a6a1dcd64b51020a6031c"},{"fixed":"2662ed331a69c0b551f78af58f12eb629a89a36f"},{"fixed":"31c4c67dec3362094a6747a171a4848e98542265"},{"fixed":"01d9a8c2615d436b2b30c19c1afe9fcd5726ff6d"},{"fixed":"4caae8168d1b808c7d4ff481295292e3f97f90fb"},{"fixed":"f50b39fd7c72a8734153644ee945ca0d8b2e65ab"},{"fixed":"fcd7f96c783626c07ee3ed75fa3739a8a2052310"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43281.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"3.18.0"},{"fixed":"6.1.167"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.130"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.77"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.16"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"6.19.6"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43281.json"}}],"schema_version":"1.7.5"}