CVE-2026-43248 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: vhost: move vdpa group bound check to vhost_vdpa Remove duplication by consolidating these here. This reduces the posibility of a parent driver missing them. While we're at it, fix a bug in vdpa_sim where a valid ASID can be assigned to a group equal to ngroups, causing an out of bound write.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/406db68f9cb976a8ddfafd631197264f2307e9c9
https://git.kernel.org/stable/c/7441d35d14d9a3d66d925d90cb73c75394e6d454
https://git.kernel.org/stable/c/cd025c1e876b4e262e71398236a1550486a73ede
https://git.kernel.org/stable/c/ddb57354634b6ba851b79da45f1de42c646f27d0

History

Wed, 06 May 2026 14:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-119 CWE-787

Wed, 06 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: vhost: move vdpa group bound check to vhost_vdpa Remove duplication by consolidating these here. This reduces the posibility of a parent driver missing them. While we're at it, fix a bug in vdpa_sim where a valid ASID can be assigned to a group equal to ngroups, causing an out of bound write.
Title		vhost: move vdpa group bound check to vhost_vdpa
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/406db68f9cb976a8ddfafd631197264f2307e9c9 https://git.kernel.org/stable/c/7441d35d14d9a3d66d925d90cb73c75394e6d454 https://git.kernel.org/stable/c/cd025c1e876b4e262e71398236a1550486a73ede https://git.kernel.org/stable/c/ddb57354634b6ba851b79da45f1de42c646f27d0

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-06T11:28:39.578Z

Updated: 2026-05-06T11:28:39.578Z

Reserved: 2026-05-01T14:12:55.996Z

Link: CVE-2026-43248

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-06T12:16:45.380

Modified: 2026-05-06T13:07:51.607

Link: CVE-2026-43248

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-43248", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-01T14:12:55.996Z", "datePublished": "2026-05-06T11:28:39.578Z", "dateUpdated": "2026-05-06T11:28:39.578Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-06T11:28:39.578Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost: move vdpa group bound check to vhost_vdpa\n\nRemove duplication by consolidating these here. This reduces the\nposibility of a parent driver missing them.\n\nWhile we're at it, fix a bug in vdpa_sim where a valid ASID can be\nassigned to a group equal to ngroups, causing an out of bound write."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/vdpa/mlx5/net/mlx5_vnet.c", "drivers/vdpa/vdpa_sim/vdpa_sim.c", "drivers/vhost/vdpa.c"], "versions": [{"version": "bda324fd037a6b0d44da5699574ce741ca161bc4", "lessThan": "ddb57354634b6ba851b79da45f1de42c646f27d0", "status": "affected", "versionType": "git"}, {"version": "bda324fd037a6b0d44da5699574ce741ca161bc4", "lessThan": "7441d35d14d9a3d66d925d90cb73c75394e6d454", "status": "affected", "versionType": "git"}, {"version": "bda324fd037a6b0d44da5699574ce741ca161bc4", "lessThan": "406db68f9cb976a8ddfafd631197264f2307e9c9", "status": "affected", "versionType": "git"}, {"version": "bda324fd037a6b0d44da5699574ce741ca161bc4", "lessThan": "cd025c1e876b4e262e71398236a1550486a73ede", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/vdpa/mlx5/net/mlx5_vnet.c", "drivers/vdpa/vdpa_sim/vdpa_sim.c", "drivers/vhost/vdpa.c"], "versions": [{"version": "5.19", "status": "affected"}, {"version": "0", "lessThan": "5.19", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.75", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.16", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.6", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "6.12.75"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "6.18.16"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "6.19.6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/ddb57354634b6ba851b79da45f1de42c646f27d0"}, {"url": "https://git.kernel.org/stable/c/7441d35d14d9a3d66d925d90cb73c75394e6d454"}, {"url": "https://git.kernel.org/stable/c/406db68f9cb976a8ddfafd631197264f2307e9c9"}, {"url": "https://git.kernel.org/stable/c/cd025c1e876b4e262e71398236a1550486a73ede"}], "title": "vhost: move vdpa group bound check to vhost_vdpa", "x_generator": {"engine": "bippy-1.2.0"}}}}