Description
In the Linux kernel, the following vulnerability has been resolved:

vhost: move vdpa group bound check to vhost_vdpa

Remove duplication by consolidating these here. This reduces the
posibility of a parent driver missing them.

While we're at it, fix a bug in vdpa_sim where a valid ASID can be
assigned to a group equal to ngroups, causing an out of bound write.
Published: 2026-05-06
Score: 7.0 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel contains a flaw in the vdpa_sim module where a valid ASID may be assigned to a group index that equals the number of groups, causing an out-of-bounds write. This memory corruption can overwrite kernel data structures. The underlying weakness is an out-of-bounds write (CWE‑787).

Affected Systems

The vulnerability affects the Linux kernel for all released versions that have not incorporated the bound-check patch referenced in commit 406db68f9cb976a8ddfafd631197264f2307e9c9. Any system running such a kernel and using the vdpa_sim interface, particularly within virtualized environments, is susceptible.

Risk and Exploitability

The CVSS score is 7.0, indicating high severity. EPSS information is not available and the issue is not listed in the CISA KEV catalog, so the exact likelihood of exploitation is unknown. Nevertheless, an out-of-bounds write in kernel space is high-severity. Based on the description, it is inferred that an attacker with local or privileged access capable of assigning an ASID to a group index equal to ngroups could trigger the vulnerability.

Generated by OpenCVE AI on May 7, 2026 at 05:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that contains the vdpa group bound check fix.
  • If an immediate kernel upgrade is not possible, disable the vdpa_sim feature or reconfigure virtualization to avoid assigning an ASID to a group index equal to ngroups.
  • Consider disabling VHOST Vdpa in virtualization settings until the patch can be applied.

Generated by OpenCVE AI on May 7, 2026 at 05:43 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 07 May 2026 04:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119

Thu, 07 May 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Important

Wed, 06 May 2026 14:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
CWE-787

Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: vhost: move vdpa group bound check to vhost_vdpa Remove duplication by consolidating these here. This reduces the posibility of a parent driver missing them. While we're at it, fix a bug in vdpa_sim where a valid ASID can be assigned to a group equal to ngroups, causing an out of bound write.
Title vhost: move vdpa group bound check to vhost_vdpa
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-06T11:28:39.578Z

Reserved: 2026-05-01T14:12:55.996Z

Link: CVE-2026-43248

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-06T12:16:45.380

Modified: 2026-05-06T13:07:51.607

Link: CVE-2026-43248

cve-icon Redhat

Severity : Important

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43248 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-07T05:45:06Z

Weaknesses