Vulnerabilities ›

CVE-2026-43241

High

CWE-125 — Weakness Type

                    Published: May 6, 2026                      ·  Modified: May 13, 2026                      ·  Source: NVD                

CVSS v3

7.1

🔗 NVD Official

📄 Description (English)

In the Linux kernel, the following vulnerability has been resolved:

ntb: ntb_hw_switchtec: Fix array-index-out-of-bounds access

Number of MW LUTs depends on NTB configuration and can be set to MAX_MWS,
This patch protects against invalid index out of bounds access to mw_sizes
When invalid access print message to user that configuration is not valid.

🤖 AI Executive Summary

CVE-2026-43241 is a high-severity array index out-of-bounds vulnerability in the Linux kernel's NTB Switchtec driver that could allow local attackers to read or write kernel memory. The vulnerability exists in the memory window (MW) LUT configuration handling where invalid indices can access the mw_sizes array without proper bounds checking. This affects systems using NTB (Non-Transparent Bridge) hardware, particularly in high-performance computing and data center environments common in Saudi Arabia.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 11, 2026 19:01

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability primarily impacts Saudi organizations operating high-performance computing infrastructure, data centers, and research institutions. Government entities (NCA, ARAMCO, KAUST) and financial institutions (SAMA-regulated banks) utilizing NTB-based interconnect technologies for server clustering and data replication are at elevated risk. Telecom operators (STC, Mobily) managing large-scale data center operations may also be affected. The vulnerability allows local privilege escalation and kernel memory corruption, potentially compromising system integrity and enabling lateral movement within critical infrastructure.

🏢 Affected Saudi Sectors

Government (NCA, ARAMCO, KAUST) Banking and Financial Services (SAMA-regulated institutions) Telecommunications (STC, Mobily, Zain) Data Centers and Cloud Infrastructure Research and Academic Institutions Energy Sector (ARAMCO, SEC)

🎯 MITRE ATT&CK Techniques

T1548 — Abuse Elevation Control Mechanism (local privilege escalation) T1055 — Process Injection (kernel memory manipulation) T1040 — Traffic Capture (potential memory disclosure) T1499 — Endpoint Denial of Service (kernel panic via invalid access)

⚖️ Saudi Risk Score (AI)

6.8

/ 10.0

🔧 Remediation Steps (English)

Immediate Actions:

1. Identify systems running affected Linux kernel versions with NTB Switchtec driver enabled

2. Check kernel configuration: grep -i CONFIG_NTB_SWITCHTEC /boot/config-$(uname -r)

3. Isolate affected systems from production if NTB hardware is actively used



Patching Guidance:

1. Apply latest Linux kernel security patches from your distribution (RHEL, Ubuntu, SLES)

2. For RHEL: yum update kernel && reboot

3. For Ubuntu: apt update && apt upgrade linux-image-generic && reboot

4. Verify patch application: uname -r should show updated kernel version



Compensating Controls (if immediate patching unavailable):

1. Disable NTB Switchtec driver if not required: echo 'blacklist ntb_switchtec' >> /etc/modprobe.d/blacklist.conf

2. Restrict local access via SSH key-based authentication and disable password login

3. Implement AppArmor/SELinux profiles to restrict kernel module access

4. Monitor system logs for NTB-related errors: journalctl -u kernel | grep -i ntb



Detection Rules:

1. Monitor for kernel oops/panic messages containing 'ntb_switchtec' or 'mw_sizes'

2. Track failed NTB device initialization attempts in dmesg

3. Alert on unexpected kernel memory access patterns via auditd: auditctl -w /sys/kernel/debug/ntb -p wa

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تحديد الأنظمة التي تقوم بتشغيل إصدارات نواة Linux المتأثرة مع تفعيل برنامج تشغيل NTB Switchtec

2. التحقق من تكوين النواة: grep -i CONFIG_NTB_SWITCHTEC /boot/config-$(uname -r)

3. عزل الأنظمة المتأثرة عن الإنتاج إذا كان جهاز NTB قيد الاستخدام النشط

إرشادات التصحيح:

1. تطبيق أحدث تصحيحات أمان نواة Linux من توزيعتك (RHEL, Ubuntu, SLES)

2. لـ RHEL: yum update kernel && reboot

3. لـ Ubuntu: apt update && apt upgrade linux-image-generic && reboot

4. التحقق من تطبيق التصحيح: uname -r يجب أن يظهر إصدار النواة المحدث

الضوابط البديلة (إذا لم يكن التصحيح الفوري متاحاً):

1. تعطيل برنامج تشغيل NTB Switchtec إذا لم يكن مطلوباً: echo 'blacklist ntb_switchtec' >> /etc/modprobe.d/blacklist.conf

2. تقييد الوصول المحلي عبر المصادقة القائمة على مفاتيح SSH وتعطيل تسجيل الدخول بكلمة المرور

3. تطبيق ملفات تعريف AppArmor/SELinux لتقييد وصول وحدة النواة

4. مراقبة سجلات النظام للأخطاء المتعلقة بـ NTB: journalctl -u kernel | grep -i ntb

قواعد الكشف:

1. مراقبة رسائل kernel oops/panic التي تحتوي على 'ntb_switchtec' أو 'mw_sizes'

2. تتبع محاولات تهيئة جهاز NTB الفاشلة في dmesg

3. التنبيه على أنماط وصول ذاكرة النواة غير المتوقعة عبر auditd: auditctl -w /sys/kernel/debug/ntb -p wa

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 - 5.1.1: System Hardening and Patch Management ECC 2024 - 5.2.1: Vulnerability Management ECC 2024 - 5.3.2: Access Control and Privilege Management ECC 2024 - 6.1.1: Security Monitoring and Incident Detection

🔵 SAMA CSF

SAMA CSF - ID.RA-1: Asset Management and Vulnerability Identification SAMA CSF - PR.IP-12: System and Information Integrity SAMA CSF - DE.CM-1: Detection and Analysis SAMA CSF - RS.MI-1: Incident Response and Recovery

🟡 ISO 27001:2022

ISO 27001:2022 - A.12.6.1: Management of technical vulnerabilities ISO 27001:2022 - A.14.2.1: Secure development policy ISO 27001:2022 - A.12.2.1: Configuration management ISO 27001:2022 - A.12.3.1: Change management

🟣 PCI DSS v4.0.1

PCI DSS 4.0 - 6.2: Security patches and updates PCI DSS 4.0 - 6.3.1: Vulnerability scanning and remediation

🔗 References & Sources 8

🔗

https://git.kernel.org/stable/c/0e930420945106151c6eb3d7837b4e6154e9b144

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

🔗

https://git.kernel.org/stable/c/2346856b74823a2a78109002e479a3d02526a9ce

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

🔗

https://git.kernel.org/stable/c/348e1ac9ad983ed7e62de14e1daf47f1695a4ce9

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

🔗

https://git.kernel.org/stable/c/47ce292dd45dc689747c40603222691638919189

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

🔗

https://git.kernel.org/stable/c/740945de896021b9a859e71f38f6aea72a6393cf

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

🔗

https://git.kernel.org/stable/c/85c9daa1f8319bbb3dfee71dc6a2f969cd3b4c92

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

🔗

https://git.kernel.org/stable/c/c8ba7ad2cc1c7b90570aa347b8ebbe279f1eface

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

🔗

https://git.kernel.org/stable/c/ee02c4f980c91820845dd8e469ec7dc670ab6d9d

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

📦 Affected Products / CPE 7 entries

linux:linux_kernel

📊 CVSS Score

7.1

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityN — None / Network

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score7.1

CWECWE-125

EPSS0.02%

Exploit No

Patch ✓ Yes

Published 2026-05-06

Source Feed nvd

🇸🇦 Saudi Risk Score

6.8

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

patch-available CWE-125

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-43241

Introduce Yourself

Sign In Required