CVE-2025-38074 vhost-scsi: protect vq->log_used with vq->mutex

In the Linux kernel, the following vulnerability has been resolved: vhost-scsi: protect vq-logused with vq-mutex The vhost-scsi completion path may access vq-logbase when vq-logused is already set to false. vhost-thread QEMU-thread vhostscsicompletecmdwork - vhostaddused - vhostaddusedn if...

CVE-2024-49863

Summary (CVE-2024-49863) A Linux kernel vulnerability in vhost/scsi allowed a null pointer dereference in vhost_scsi_get_req() when handling certain AN SCSI requests. The bug occurred after vhost_scsi_ctl_handle_vq() could assign vc.target = NULL for AN requests; later, vhost_scsi_get_req() deref...

The vulnerability of the vhost_new_msg() function in the drivers/vhost/vhost.c file of the Linux kernel’s vhost driver allows a attacker to access protected information.

The vulnerability of the vhostnewmsg function in the drivers/vhost/vhost.c file of the Linux kernel’s vhost driver is related to improper initialization of memory for messages transmitted between host systems. Exploiting this vulnerability could allow an attacker to gain access to protected...

kernel: vhost-net: guest to host kernel escape during migration

A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this fla...