CVE-2026-43248

HIGH SEVERITY

CVSS Score & Metrics

Base Score

7.8 / 10

Vector String

                                        CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H                                    

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved:

vhost: move vdpa group bound check to vhost_vdpa

Remove duplication by consolidating these here. This reduces the
posibility of a parent driver missing them.

While we're at it, fix a bug in vdpa_sim where a valid ASID can be
assigned to a group equal to ngroups, causing an out of bound write.

Vulnerability Details

Published Date

May 06, 2026

Last Modified

May 08, 2026

Source

NVD

Vendor

Linux

Product

Linux

External References

https://git.kernel.org/stable/c/406db68f9cb976a8ddfafd631197264f2307e9c9
https://git.kernel.org/stable/c/7441d35d14d9a3d66d925d90cb73c75394e6d454
https://git.kernel.org/stable/c/cd025c1e876b4e262e71398236a1550486a73ede
https://git.kernel.org/stable/c/ddb57354634b6ba851b79da45f1de42c646f27d0

CVE-2026-43248

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment