Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-43248
PUBLISHED
More InfoOfficial Page
Assigner-Linux
Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67
View Known Exploited Vulnerability (KEV) details
Published At-06 May, 2026 | 11:28
Updated At-08 May, 2026 | 12:41
Rejected At-
▼CVE Numbering Authority (CNA)
vhost: move vdpa group bound check to vhost_vdpa

In the Linux kernel, the following vulnerability has been resolved: vhost: move vdpa group bound check to vhost_vdpa Remove duplication by consolidating these here. This reduces the posibility of a parent driver missing them. While we're at it, fix a bug in vdpa_sim where a valid ASID can be assigned to a group equal to ngroups, causing an out of bound write.

Affected Products
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • drivers/vdpa/mlx5/net/mlx5_vnet.c
  • drivers/vdpa/vdpa_sim/vdpa_sim.c
  • drivers/vhost/vdpa.c
Default Status
unaffected
Versions
Affected
  • From bda324fd037a6b0d44da5699574ce741ca161bc4 before ddb57354634b6ba851b79da45f1de42c646f27d0 (git)
  • From bda324fd037a6b0d44da5699574ce741ca161bc4 before 7441d35d14d9a3d66d925d90cb73c75394e6d454 (git)
  • From bda324fd037a6b0d44da5699574ce741ca161bc4 before 406db68f9cb976a8ddfafd631197264f2307e9c9 (git)
  • From bda324fd037a6b0d44da5699574ce741ca161bc4 before cd025c1e876b4e262e71398236a1550486a73ede (git)
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • drivers/vdpa/mlx5/net/mlx5_vnet.c
  • drivers/vdpa/vdpa_sim/vdpa_sim.c
  • drivers/vhost/vdpa.c
Default Status
affected
Versions
Affected
  • 5.19
Unaffected
  • From 0 before 5.19 (semver)
  • From 6.12.75 through 6.12.* (semver)
  • From 6.18.16 through 6.18.* (semver)
  • From 6.19.6 through 6.19.* (semver)
  • From 7.0 through * (original_commit_for_fix)
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://git.kernel.org/stable/c/ddb57354634b6ba851b79da45f1de42c646f27d0
N/A
https://git.kernel.org/stable/c/7441d35d14d9a3d66d925d90cb73c75394e6d454
N/A
https://git.kernel.org/stable/c/406db68f9cb976a8ddfafd631197264f2307e9c9
N/A
https://git.kernel.org/stable/c/cd025c1e876b4e262e71398236a1550486a73ede
N/A
Hyperlink: https://git.kernel.org/stable/c/ddb57354634b6ba851b79da45f1de42c646f27d0
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/7441d35d14d9a3d66d925d90cb73c75394e6d454
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/406db68f9cb976a8ddfafd631197264f2307e9c9
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/cd025c1e876b4e262e71398236a1550486a73ede
Resource: N/A
Details not found