Home

Description

In the Linux kernel, the following vulnerability has been resolved: vhost: move vdpa group bound check to vhost_vdpa Remove duplication by consolidating these here. This reduces the posibility of a parent driver missing them. While we're at it, fix a bug in vdpa_sim where a valid ASID can be assigned to a group equal to ngroups, causing an out of bound write.

PUBLISHED Reserved 2026-05-01 | Published 2026-05-06 | Updated 2026-05-08 | Assigner Linux




HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Product status

Default status
unaffected

bda324fd037a6b0d44da5699574ce741ca161bc4 (git) before ddb57354634b6ba851b79da45f1de42c646f27d0
affected

bda324fd037a6b0d44da5699574ce741ca161bc4 (git) before 7441d35d14d9a3d66d925d90cb73c75394e6d454
affected

bda324fd037a6b0d44da5699574ce741ca161bc4 (git) before 406db68f9cb976a8ddfafd631197264f2307e9c9
affected

bda324fd037a6b0d44da5699574ce741ca161bc4 (git) before cd025c1e876b4e262e71398236a1550486a73ede
affected

Default status
affected

5.19
affected

Any version before 5.19
unaffected

6.12.75 (semver)
unaffected

6.18.16 (semver)
unaffected

6.19.6 (semver)
unaffected

7.0 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/ddb57354634b6ba851b79da45f1de42c646f27d0

git.kernel.org/...c/7441d35d14d9a3d66d925d90cb73c75394e6d454

git.kernel.org/...c/406db68f9cb976a8ddfafd631197264f2307e9c9

git.kernel.org/...c/cd025c1e876b4e262e71398236a1550486a73ede

cve.org (CVE-2026-43248)

nvd.nist.gov (CVE-2026-43248)

Download JSON