HIGH | CVE-2026-43248 | CNA: Linux
CVE-2026-43248: vhost: move vdpa group bound check to vhost_vdpa
In the Linux kernel, the following vulnerability has been resolved:

vhost: move vdpa group bound check to vhost_vdpa

Remove duplication by consolidating these here. This reduces the possibility of a parent driver missing them.

While we're at it, fix a bug in vdpa_sim where a valid ASID can be assigned to a group equal to ngroups, causing an out of bound write.
Metrics
- CVSS v3.1: 7.8
- Severity: HIGH
- Fixed in: 0
- Affected Products: 2
Fix available
0 · 406db68f9cb976a8ddfafd631197264f2307e9c9 · 6.12.75 · 6.18.16 · 6.19.6 · 7.0 · 7441d35d14d9a3d66d925d90cb73c75394e6d454 · cd025c1e876b4e262e71398236a1550486a73ede · ddb57354634b6ba851b79da45f1de42c646f27d0
Affected packages
- Linux / Linux: < ddb57354634b6ba851b79da45f1de42c646f27d0 (from bda324fd037a6b0d44da5699574ce741ca161bc4) · < 7441d35d14d9a3d66d925d90cb73c75394e6d454 (from bda324fd037a6b0d44da5699574ce741ca161bc4) · < 406db68f9cb976a8ddfafd631197264f2307e9c9 (from bda324fd037a6b0d44da5699574ce741ca161bc4) · < cd025c1e876b4e262e71398236a1550486a73ede (from bda324fd037a6b0d44da5699574ce741ca161bc4)
- Linux / Linux: 5.19 · Fixed in 0, 6.12.75, 6.18.16, 6.19.6, 7.0
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H