Description
In the Linux kernel, the following vulnerability has been resolved:

vhost: move vdpa group bound check to vhost_vdpa

Remove duplication by consolidating these here. This reduces the
posibility of a parent driver missing them.

While we're at it, fix a bug in vdpa_sim where a valid ASID can be
assigned to a group equal to ngroups, causing an out of bound write.
Published: 2026-05-06
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel contains a flaw in the vdpa_sim module where a valid ASID may be assigned to a group index that equals the number of groups, causing an out-of-bounds write. This memory corruption can overwrite kernel data structures. The underlying weakness is an out-of-bounds write (CWE‑787).

Affected Systems

The vulnerability affects the Linux kernel for all released versions that have not incorporated the bound‑check patch referenced in commit 406db68f9cb976a8ddfafd631197264f2307e9c9. Any system running such a kernel and using the vdpa_sim interface, particularly within virtualized environments, is susceptible.

Risk and Exploitability

The CVSS score is 7.8, indicating high severity. The EPSS score is <1%, suggesting a very low exploitation probability, and the issue is not listed in the CISA KEV catalog. An out-of-bounds write in kernel space remains high‑severity. Based on the description, it is inferred that an attacker with local or privileged access capable of assigning an ASID to a group index equal to ngroups could trigger the vulnerability.

Generated by OpenCVE AI on May 8, 2026 at 16:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that contains the vdpa group bound check fix.
  • If an immediate kernel upgrade is not possible, disable the vdpa_sim feature or reconfigure virtualization to avoid assigning an ASID to a group index equal to ngroups.
  • Consider disabling VHOST Vdpa in virtualization settings until the patch can be applied.

Generated by OpenCVE AI on May 8, 2026 at 16:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 08 May 2026 13:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Thu, 07 May 2026 04:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119

Thu, 07 May 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Important

Wed, 06 May 2026 14:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
CWE-787

Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: vhost: move vdpa group bound check to vhost_vdpa Remove duplication by consolidating these here. This reduces the posibility of a parent driver missing them. While we're at it, fix a bug in vdpa_sim where a valid ASID can be assigned to a group equal to ngroups, causing an out of bound write.
Title vhost: move vdpa group bound check to vhost_vdpa
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:20:52.486Z

Reserved: 2026-05-01T14:12:55.996Z

Link: CVE-2026-43248

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-06T12:16:45.380

Modified: 2026-05-11T13:14:40.387

Link: CVE-2026-43248

cve-icon Redhat

Severity : Important

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43248 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-08T16:30:12Z

Weaknesses