CVE-2026-46034

In the Linux kernel, the following vulnerability has been resolved: vfio/cdx: Fix NULL pointer dereference in interrupt trigger path Add validation to ensure MSI is configured before accessing cdxirqs array in vfiocdxsetmsitrigger. Without this check, userspace can trigger a NULL pointer...

CVE-2026-46034 vfio/cdx: Fix NULL pointer dereference in interrupt trigger path

In the Linux kernel, the following vulnerability has been resolved: vfio/cdx: Fix NULL pointer dereference in interrupt trigger path Add validation to ensure MSI is configured before accessing cdxirqs array in vfiocdxsetmsitrigger. Without this check, userspace can trigger a NULL pointer...

CVE-2026-46034

The CVE-2026-46034 issue affects the Linux kernel VFIO/cdx path, where NULL pointer dereference could occur in the interrupt trigger path if userspace calls VFIO_DEVICE_SET_IRQS with DATA_BOOL/DATA_NONE before interrupts are set up via VFIO_IRQ_SET_DATA_EVENTFD. The root cause is missing enforcem...

PT-2026-43903

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A use-after-free issue exists in the vfio/cdx component. The function vfio cdx set msi trigger reads vdev-config msi and operates on the vdev-cdx irqs array without proper serialization...